RSS Print Email

Privacy

FTC seeks public comment on AgeCheq Inc.’s application for approval of proposed verifiable parental consent method

On August 25, 2014, the Federal Trade Commission (“FTC”) issued a Federal Register notice to be published, announcing the FTC’s request for public comment on a proposed verifiable parental consent method. The method has been submitted for approval by AgeCheq, Inc. under the Children's Online Privacy Protection Act and the rules promulgated thereunder.

Read More

Kim Peretti Interviewed by BankInfoSecurity

August 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed on by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware.

In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don't know about security, the pre- and post-breach responsibilities of boards, and how to educate the board - and when. "[Boards] have an awareness of the threat out there," Peretti said. "But what they're struggling with - what they don't know - is what is the risk that the [threat] has to any particular organization, how do you mitigate that risk, and how do you respond to it?"

Read More

CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce.

Read More

FTC Issues Study on Mobile Shopping Apps Reviewing Pre-download Disclosures

On August 1, 2014, the Federal Trade Commission (“FTC”) issued a study called “What’s the Deal? An FTC Study on Mobile Shopping Apps,” with recommendations concerning pre-download disclosures. FTC staff surveyed and reviewed 121 mobile shopping apps that fell into three categories: price comparison apps, deal apps, and in-store purchase apps. FTC staff focused their analysis on (1) the in-store purchase apps’ pre-download disclosures concerning payment disputes, and (2) all of the surveyed apps’ pre-download disclosures concerning how the apps collect and handle consumer data.

Read More

Dominique Shelton Named Most Influential Lawyer in Digital Media and E-Commerce Law by Los Angeles Business Journal

July 31, 2014 | Posted by Privacy & Data Security Team | Topic(s): Data Security, Privacy

Dominique Shelton, partner in the firm’s Litigation & Trial Practice and Privacy & Data Security Groups was recently included by the Los Angeles Business Journal in their inaugural, “Most Influential Lawyers: Digital Media and E-Commerce.”

The list recognizes 30 Los Angeles attorneys who have demonstrated outstanding achievements in digital media and e-commerce law. Shelton is noted as one of the top practitioners in her field, advising clients on “cutting-edge” legal issues and “representing companies in a variety of industries and service sectors, including digital sales and marketing, advertising, wireless/mobile Internet, lead generation, manufacturing and electrical, software, telecommunications and television.”

Posted by Privacy & Data Security Team | Alston & Bird LLP

FTC Updates Guidelines for Obtaining Parental Consent Applicable to Website Operators and Developers of Children’s Apps

On July 16, 2014, the Federal Trade Commission (“FTC”) issued revised guidance regarding compliance with the Children's Online Privacy Protection Act (“COPPA”). COPPA and the rules promulgated thereunder regulate the collection, use, and disclosure of personal information from children under age 13 by operators of commercial websites and online services, including mobile apps. The recent changes to the FTC’s Complying with COPPA: Frequently Asked Questions document clarify parental consent requirements with respect to such websites and services.

Read More

Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

July 29, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial to companies of all sizes, both in the public and private sectors. Directors and officers are under increased scrutiny and expected to be fully aware and engaged in their companies’ cybersecurity measures. Peretti and Corley’s article addresses the risks and impacts of data breaches, as well as practical pre- and post-breach guidance.

To read the full article, click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

OCR Issues Two New Reports to Congress on HIPAA Compliance and Enforcement from 2011 to 2012

Last week the HHS Office for Civil Rights (“OCR”) presented certain findings regarding Health Insurance Portability and Accountability Act (“HIPAA”) compliance and enforcement to the National Committee on Health and Vital Statistics (“NCHVS”), an HHS advisory committee. The presentation reviewed OCR’s two recently issued reports to Congress. OCR is required to submit such reports under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The first report, “HIPAA Privacy, Security, and Breach Notification Rule Compliance,” examines the number and type of complaints received by OCR regarding HIPAA violations and the agency’s response. The second report, “Breaches of Unsecured Protected Health Information,” reviews breach notifications received by OCR and the agency’s response. The report also includes the agency’s first enforcement actions under the Breach Notification Rule.

Read More

Privacy Partner Dominique Shelton Authors Privacy Advisor Article on Hulu VPPA Case

Dominique Shelton, partner in Alston and Bird’s Privacy & Data Security practice and member of the Litigation and Trial Practice group, authored an article appearing on June 19 in International Association of Privacy Professionals' (IAPP) Privacy Advisor titled, “Court Denies Class-Action in Hulu Case, But There’s More." In the article, Shelton discusses the Hulu consumer class-action case that has been ongoing since July 2011. Shelton points out that any company that hosts video content on its website or mobile app and includes a “Like” button or other social networking plug-in should be following this case. The issue at-hand is whether or not the technology associated with the “Like” button constitutes a violation of the Video Privacy Protection Act (VPPA) by disclosing users’ viewing habits without their consent. Because this case touches so many companies, it is an important one to follow. The case resurfaced in the news this week because the court denied the plaintiffs’ putative class-action lawsuit, without prejudice.

Read More

Angela Burnette and Julia Dempewolf Publish Article On Student Privacy and Preventing Campus Violence

Angela Burnette, Counsel at Alston & Bird, and Julia Dempewolf, an associate at Alston & Bird, have compiled practical guidance for schools and universities to consider regarding student privacy and the prevention of school violence.  Their recent article, published by LexisNexis in Health Care Law Monthly, is entitled “Clarity Instead of Confusion: Available Solutions Under the HIPAA Privacy Rule and FERPA To Prevent Student Violence.”

Read More

Hulu: The Northern District of California Denies Class Certification without Prejudice on Grounds Class Not Ascertainable

Data privacy practices and related class action litigation continue to be super-hot topics that require close attention from companies. Brand damage, governance shakeups and congressional inquiries because of data practices should provide sufficient motivation to stay up-to-the minute in these critical areas. This advisory examines the latest developments in the Hulu litigation involving alleged violations of the Video Privacy Protection Act. While a California federal district court has denied certification of a class of Hulu video service users, it left the door open for future class cases in this emerging area.

The full Cyber Alert is available here

Written by Kim Chemerinsky, Senior Associate, Privacy & Data Security | Alston & Bird LLP

ComScore Reaches $14 Million Settlement in Electronic Privacy Class Action

June 17, 2014 | Posted by Dominique Shelton & Kim Chemerinsky | Topic(s): Federal Trade Commission (FTC), Privacy, Class Action, Big Data

On May 30, 2014, comScore Inc. announced that it has reached a $14 million settlement in the largest class ever certified in an Internet privacy lawsuit, composed of users who claim that comScore installed analytics software on their computers and sold their personal data to media outlets without their knowledge or consent. ComScore, a publicly-traded company, faced upwards of $1 billion in liability under various federal statutes aimed at protecting consumer privacy. This made it one of the largest (if not the largest) privacy class action certified in the country.

Read More

A+B Privacy Team Provides Analysis of California AG Privacy Report: New Best Practices Guidance Applies to all Businesses Collecting Personal Information from California Residents

In follow up to our previous blog, California AG Kamala Harris Issues Privacy Policy Guidance: Making Your Privacy Practices Public Contains Draft Tips for Website and Online Service Privacy Policies, regarding the release of the AG’s report, please see our recently released client advisory providing a detailed analysis of the new privacy guidance: California Attorney General Kamala Harris Releases Long-Anticipated Guidance Regarding Privacy Policy Notices . As conceived, the Report is designed to apply to all businesses, regardless of the country or state in which they operate, based on the California AG’s position that the California Online Privacy Protection Act (Cal-OPPA) applies to all companies that collect personal information about California residents through their websites, online services or mobile apps, even if the business has no other connection to California.

Written by Dominique Shelton, Partner, Privacy & Data Security and Litigation and Trial Practice and Paul Martino, Partner, Privacy & Data Security and Legislative & Public Policy| Alston & Bird LLP

Transmitting PHI by Email

Email has become an important mode of communication for business operations, with approximately 100 billion business emails sent in 2013 alone. Included in these messages are patients’ personal and health information, such as test results, diagnoses, and social security numbers. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) regulate the transmission of this sensitive information, known as protected health information (“PHI”), by Covered Entities, and in some circumstances, Business Associates.

Read More

Privacy, Innovation and Big Data Forum Hosted by Alston & Bird

May 15, 2014 | Posted by Privacy & Data Security Team | Topic(s): Mobile Technologies, Privacy, Social Media, Tracking, Big Data

On March 25, Alston & Bird hosted a forum titled, “Privacy, Innovation and Big Data: What Does the Future Hold.” David Keating, Partner and Co-Chair of the Firm’s Privacy and Security Practice, hosted a panel discussion that included Peter Swire, Nancy J. and Lawrence P. Huang Professor, Scheller College of Business, Georgia Institute of Technology, Jerry Jones, Chief Ethics and Legal Officer at Acxiom, Cindy Liebes, Federal Trade Commission Southeast Region, and constitutional lawyer Gerald R. Weber. Click here to view a video of the event.

Written by Privacy & Data Security | Alston & Bird LLP

12345678910