FTA Releases Final Report on Consumer Privacy
|
|
- Nelson Russell
- 3 years ago
- Views:
Transcription
1 APRIL 3, 2012 PRIVACY, DATA SECURITY & INFORMATION LAW UPDATE FTC Releases Final Report on Consumer Privacy: Calls for Enhanced Practices and Further Congressional Action On March 26, 2012, the Federal Trade Commission ( FTC or Commission ) released its long-awaited report on consumer privacy, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers (the Report ). 1 The Report presents the Commission s conclusions drawn from its review of consumer privacy practices and regulations, including hundreds of comments from industry, consumer groups, and other stakeholders, following the FTC s call for a new privacy framework in a December 2010 preliminary staff report (the preliminary report ). 2 This report was issued as a Commission document, rather than a staff draft, over the dissent of Commissioner J. Thomas Rosch. The key concepts advanced by the FTC include the following: privacy by design, meaningful consumer choice, and industry transparency. The Commission suggests that the framework provided within the Report should serve as a baseline model for business-consumer privacy expectations. The Report states that the FTC will not proceed to enforce standards unless they already are part of existing law but clarification is lacking as to what that will mean in practice. By elaborating a baseline set of privacy expectations, the Report indicates that the FTC will continue its diminishment of the value of consumer-facing privacy policies. The Report also suggests that the Commission will increase its scrutiny of unfair privacy trade practices. Significantly, the Report offers no cost-benefit analysis to justify its new standards and does not acknowledge the importance of preserving innovation on the Internet as clearly as the FTC staff's preliminary report. 3 The new Commission document appears to be considerably more regulatory in tone and intent than the preliminary staff report and the White House approach, although the Commission expresses the belief that its framework is consistent with the policies outlined in the Obama Administration s Consumer Privacy Bill of Rights. The White House paper, titled Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and 1 FTC, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers (Mar. 26, 2012), hereinafter Report, available at 2 FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (Dec. 1, 2010) (hereinafter Report ), available at See Sidley Update: FTC Report Heralds Intensified Privacy Regulation (Dec. 16, 2010), available at 3 For an overview of the privacy framework as it was proposed in the preliminary report, see Sidley Update: FTC Report Heralds Intensified Privacy Regulation (December 16, 2010), available at This Sidley update has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers. Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, and One South Dearborn, Chicago, IL 60603, Prior results do not guarantee a similar outcome.
2 Page 2 Promoting Innovation in the Global Digital Economy ( Administration White Paper ), was released on February 23, The FTC intends the Report to help establish best industry practices and assist Congress in developing privacy legislation. The FTC also expects its Report to complement the Department of Commerce s parallel privacy initiative. 5 Notably, the FTC explains in the Report that it does not anticipate using the privacy framework elaborated within the Report as a predicate for future law enforcement actions under the FTC Act. In the Report, the Commission urges companies to implement best practices including making privacy the default setting for commercial data practices and providing consumers with control over the collection and use of their personal data to protect consumers personal information, enhance trust, and stimulate commerce. The FTC suggests that privacy by design, simplified choice for businesses and consumers, and greater transparency should be the basic tenets of companies privacy practices. The FTC plans to promote the implementation of the privacy framework through focusing on five major aspects of the framework. The FTC plans to work with the Digital Advertising Alliance and World Wide Web Consortium to advance international standards for Do Not Track, and with industry and the Department of Commerce to develop sector-specific codes of conduct as suggested in the Administration White Paper. The FTC asks the data broker industry to consider the creation of a centralized website to provide consumers with information about the industry and about how to access or exercise choice relating to their data. Finally, the FTC plans to host two public workshops in 2012: one workshop, on May 30, will focus on the development of improved privacy protections in the context of mobile services, including the adoption of short and effective privacy disclosures for use on mobile devices; the second workshop, scheduled for the second half of the year, will explore issues relating to how large platform providers, such as Internet Service Providers, operating systems, browsers, and social media, may comprehensively track consumers online activities. The Report differs in several respects from the framework outlined in the preliminary report. First, the FTC will not apply the privacy framework to companies collecting only non-sensitive data from fewer than 5,000 consumers per year, so long as the companies do not share the consumer data with third parties. Second, the Commission revised its approach to how companies should provide privacy choices to consumers: the Report advocates a context of the interaction standard, under which companies would not be required to provide consumers with choice prior to collection of the consumers data for practices that are consistent with the context of the transaction, consistent with the company s relationship with the consumer, or as required or authorized under law. In essence, this approach would favor first-party Internet advertisers and undercut third-party Internet advertisers and advertising networks and exchanges. Third, the Commission recommends that Congress consider enacting legislation to bring transparency for and control over information brokers practices, in addition to general, baseline privacy legislation. Fourth, and finally, the Report singles out the use of deep packet inspection for advertising/tracking purposes as a practice that is of special concern to the FTC. In particular, the FTC suggests that large platform providers, including internet service providers, browsers, and operating systems, might be subject to additional Commission scrutiny because of their ability to comprehensively track consumers. The FTC Privacy Framework The FTC intends the final privacy framework to explain best practices for companies working with consumer data and to assist Congress as it considers privacy legislation. Although the framework excludes many small businesses, it 4 See Sidley Update: White House Issues First Ever Administration-Level Data Privacy Framework (Feb. 29, 2012), available at 5 The FTC notes in the Report that Commission and Department of Commerce staff have communicated regularly with respect to developing a consistent approach to privacy protection. Report at 3. The FTC also notes that the new framework reflects similar international interest in developing more inter-operable systems.
3 Page 3 expressly applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device, unless the entity collects only non-sensitive data from fewer than 5,000 consumers per year and does not share the data with third parties. The FTC also took pains to ensure that the framework is seen as a complement to guidance existing under the Health Insurance Portability and Accountability Act ( HIPAA ), the Health Information Technology for Economic and Clinical Health Act ( HITECH ) and the Gramm- Leach-Bliley Act ( GLBA ) that will provide a baseline for companies not subject to sectoral regulation. The Commission asserts in the Report that, despite FTC involvement in its development and enforcement, the proposed framework will be self-regulatory. Privacy By Design. The framework reiterates the FTC s earlier call for adoption of privacy by design, explaining that companies should promote consumer privacy throughout their organizations and at every stage of product/service development. Practically, this means that companies should incorporate substantive privacy protection into their business practices, including through adoption of robust data security measures, reasonable limits on the collection of data, sound retention and disposal policies, and mechanisms for ensuring data accuracy. The FTC views these measures as being consistent with the policies outlined in the Obama Administration s Consumer Privacy Bill of Rights, although privacy by design was notably absent from the White House White Paper. According to the FTC, these procedures and policies should be maintained through the life cycle of a company s products/services, and might include the implementation of accountability mechanisms and of regular privacy risk assessments, although it does not provide anything more than generalized guidance about the desired type and level of such mechanisms and assessments. 6 Choice. The FTC also calls for simplified consumer choice as part of the privacy framework. In order to lessen the burden of this requirement, the agency made clear that certain commonly accepted or obvious practices do not require consumer choice: companies will not need to provide choice before collecting or using consumer data for practices that are obvious from the context of the transaction or with the company s relationship with the consumer, or as required or authorized under law. This approach reflects a potential expansion of the practices not requiring choice under the preliminary report s framework. Where consumer choice is required, the FTC stresses that companies should offer the choice at the time and in the context in which consumers are actually making choices about their data, as opposed through the use of more traditional privacy policies posted on advertiser websites. The FTC suggests that, generally, companies should obtain express consumer consent before using consumer data in ways that are materially different than the prospective uses cited when the data were collected, or when collecting sensitive data for certain purposes. Transparency. The final aspect of the FTC framework focuses on the Commission s aim to increase transparency in companies data practices. The FTC calls on companies to provide: clearer, shorter, and more standardized privacy policies that will allow consumers to better comprehend and compare privacy practices; reasonable access to consumers for data maintained about them, proportionate to the sensitivity of the data and the nature of its use; and expanded efforts to educate consumers. Discussion of What Constituted "Harm" In the Report, the Commission reiterates its perspective that privacy-related harms go beyond economic or physical harm or unwarranted intrusions. Instead, the Report urges, the privacy framework should recognize a more 6 The Report cites, as examples of how procedural safeguards might work in practice, the Commission s recent settlement orders with Google and Facebook. The orders mandate privacy programs that must, at a minimum, contain procedures or controls addressing (1) the designation of personnel responsible for management of the privacy program; (2) risk assessments addressing employee training and management, and product design and development; (3) implementation of controls to address identified risks; (4) appropriate oversight of service providers; and, (5) continual revision and adjustment in light of regular testing and monitoring. See In the Matter of Google, Inc., FTC Docket No. C-4336 (Oct. 13, 2011) (consent order), available at
4 Page 4 expansive range of harms that including those that might arise from unanticipated uses of consumer data. The FTC explains that, while imposing new privacy protections may be costly, it will ultimately help consumers and benefit businesses by encouraging and building consumer trust in the market, and that businesses are already marketing privacy as a competitive business advantage. Expanded Scope of Consumer Data The Report notes concerns about the decreasing relevance of the personally identifiable information ( PII ) label, referencing studies demonstrating consumer discomfort or objections to being tracked, regardless of the involvement or use of PII. The Report states that it was appropriate for the Commission to more comprehensively examine various types of data to determine whether they have privacy implications. As a result of its review since the preliminary report, the Commission s framework incorporates a more wide-ranging scope of data, including any data that, while not yet linked to a particular consumer, computer, or device, may reasonably become so. The Commission encourages companies to de-identify data and recognizes in the Report that contractual restrictions on re-identification are generally adequate safeguards, even though it theoretically might be mathematically or practically possible to re-identify data. Accordingly, the Commission clarifies in the Report its reasonable linkability standard. Under this standard, in order to establish that data are not reasonably linkable to a particular consumer or device, a company must: (1) take reasonable measures to ensure de-identification of data; (2) publicly commit to maintain and use the data in a de-identified fashion; and (3) contractually prohibit downstream entities with which the company shares the data from attempting to re-identify the data. Take it or Leave it Choice The Report addresses instances where consumer use of a particular service or product is contingent upon acceptance of the company s data practices, which the Commission refers to as a take-it-or-leave-it privacy choice. The Commission notes that this approach is problematic from a privacy perspective, particularly in markets where consumers have limited choices, and might not offer consumers what the Commission would consider to be a meaningful choice. It is not clear that the FTC believes meaningful choice requires a cost-less choice, as some European regulators have advocated, or merely a more robust disclosure of costs associated with choice. Instead, the FTC suggests that these one-sided transactions may place consumers privacy interests at risk, and that take-it-orleave-it choice is only acceptable for less important products and services in markets with sufficient alternatives and where the terms of the exchange are transparent and fairly disclosed. Do Not Track The Report reiterates the Commission s desire for a workable Do Not Track mechanism, and applauds industry efforts to improve consumer control over behavioral tracking. In encouraging industry development of the Do Not Track mechanism, the FTC reiterates that the mechanism should include five key principles: (1) the mechanism should be universally implemented to cover all parties that would track consumers; (2) the mechanism should be easy for consumers to find, understand, and use; (3) the choices should be persistent and not subject to easy or accidental override; (4) the system should be comprehensive, effective, and enforceable; and (5) the mechanism should opt consumers out of all collection of behavioral data for all purposes other than those consistent with the context of the interaction. Deep Packet Inspection The Report singles out that the use of deep packet inspection ( DPI ) for advertising/tracking purposes as of particular concern to the FTC. The Report notes general consensus among commentators that DPI deployed for
5 Page 5 marketing purposes is distinct from other forms of marketing practices employed by companies which have first-party relationships with consumers, and thus at a minimum should require consumer choice. The report does not address, however, the effects of this approach in skewing the market for Internet advertising to Internet sites and away from Internet providers. Despite the fact that Internet providers tend to have a closer relationship with consumers than the websites they visit, the FTC folds this analysis in with the framework s general consideration of companies with firstparty relationships tracking consumers across other websites, noting that DPI, like social plug-ins, cookies, and web beacons, should require consumer choice when it is deployed across other parties websites. FTC rejected the argument that a major cross-platform provider like Google can develop as comprehensive a picture of users' data as DPI would allow. Affiliates and Cross-Channel Marketing The Report maintains the Commission s view that affiliates are third parties, necessitating consumer choice before data transfer, unless the affiliate relationship is clear to consumers, e.g., through common branding. In instances where the relationship is not clear, the Commission suggests that consumer notification and consent would be necessary. The Commission agrees with commentators, however, that cross-channel or cross-platform marketing, wherein a company establishes a relationship through one medium and contacts a consumer through another, falls within the first-party marketing concept and would not require obtaining additional choice or consent. Data Enhancement The FTC addresses in the Report how companies should view data enhancement, where companies append thirdparty-sourced data to data obtained directly from consumers. The Commission notes that requiring the first-party company to offer consumers choice over data enhancement would impose costs and logistical problems that could preclude the range of benefits that data enhancement facilitates. Instead, as the framework already suggests, companies seeking to share data relating to customers with third parties should offer consumer choice. Thus, the third-party sharing the data used to enhance the first-party s data would be responsible under the framework for offering consumer choice. Consumer Choice for First-Party Marketing The Report explains the Commission s view that affirmative express consent is an appropriate safeguard for instances in which a company uses sensitive data for first-party or third-party marketing, and that special consideration must be given to protecting sensitive data. As a result, even companies which collected sensitive data through a first-party relationship should offer consumer choice before using any sensitive data for marketing. In instances where a company s business model is predicated on targeting consumers based on sensitive data (e.g., data relating to financial affairs, health, or children), the FTC suggests that the company seek affirmative express consent prior to collecting data from those consumers. Data Brokers The Commission defines data brokers as companies that collect information, including personal information about consumers, from a wide variety of sources for the purpose of reselling such information to their customers for various purposes, including verifying an individual s identity, differentiating records, marketing products, and preventing financial fraud. The Report explains that the FTC has sought additional Congressional legislation addressing data brokers since 2009, and again requests that Congress develop legislation further regulating data brokers practices to increase transparency in the industry and to enhance consumer access and control over data held by data brokers.
6 Page 6 At the same time, the Report suggests that the data broker industry should explore the idea of establishing a centralized website for data brokers to (a) identify themselves to consumers and (b) provide consumers with information about data collection, consumer access rights, and consumer choice. Industry Efforts, Implementation, and Enforcement Notably, the Commission recognizes that industry has made progress since the preliminary report, including its response to the preliminary report s call for Do Not Track, and urges industry to accelerate the pace of selfregulation. The FTC also explicitly states that the Report s framework is not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC in instances where the framework appears to go beyond existing legal requirements. The Commission also notes that it will view adherence to its proposed sector-specific codes of conduct favorably in connection with its law enforcement work. Nonetheless, the Report reflects a shift in the Commission s interpretation of the FTC Act in the privacy and data protection context: whereas FTC privacy enforcement has traditionally been predicated on rooting out deceptive trade practices, the Report and recent cases suggest that the Commission is increasingly concerned about unfair trade practices as they relate to privacy. Commissioner Rosch s Dissent Commissioner J. Thomas Rosch dissented from the issuance of the Report. While noting that he agrees in several respects with the Report s findings, and applauding the Report s recommendations for congressional legislation, Rosch voiced concerns relating to several parts of the Report, including its use of language that hints at the prospect of future law enforcement. Rosch questioned the constitutionality of banning take-it-or-leave-it choice and noted that the Report adopted language most friendly to consumer organizations and large enterprises when labeling behavioral tracking as unfair and considering reputational harm as deserving of Commission redress. In particular, Rosch questioned the Report s apparent mandate that ISPs use opt-in choice before deploying deep packet inspection, while not requiring the same of other large platform providers, suggesting instead that, for all large platform providers, affirmative express consent should be required only in instances where the provider actually seeks to use data to create detailed and comprehensive customer profiles. If you have any questions regarding this update, please contact Andrew J. Strenio, Jr. ( , astrenio@sidley.com), Edward R. McNicholas ( , emcnicholas@sidley.com), Alan Charles Raul ( , araul@sidley.com), Jonathan P. Adams ( , jpadams@sidley.com), or the Sidley lawyer with whom you usually work. The Privacy, Data Security & Information Law Practice of Sidley Austin LLP We offer clients an inter-disciplinary, international group of lawyers focusing on the complex national and international issues of data protection and cyber law. The group includes regulatory compliance lawyers, litigators, financial institution practitioners, healthcare lawyers, EU specialists, IT licensing and marketing counsel, intellectual property, and white collar lawyers. Sidley provides services in the following areas: Privacy and Internet Litigation and Regulatory Advice Data Breach, Incident Response, and Cybersecurity Advice Global Data Protection and Information Security Information Governance Assessments and Compliance Programs International Data Transfer Solutions, Outsourcing and Cross-Border Issues Cyberlaw, E-Commerce, Social Media, Cloud Computing and Internet Issues EU, China and Japan Compliance Counseling Gramm-Leach-Bliley and Financial Privacy
7 Page 7 HIPAA and Healthcare Privacy Communications Law and Data Protection Workplace Privacy and Employee Monitoring Unfair Competition, Advertising and Consumer Protection Website Policies Online Trademarks and Domain Name Protection Records Retention, Electronic Discovery, Government Access and National Security To receive future copies of this and other Sidley updates via , please sign up at BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Sidley Austin LLP, a Delaware limited liability partnership which operates at the firm s offices other than Chicago, New York, Los Angeles, San Francisco, Palo Alto, Dallas, London, Hong Kong, Houston, Singapore and Sydney, is affiliated with other partnerships, including Sidley Austin LLP, an Illinois limited liability partnership (Chicago); Sidley Austin (NY) LLP, a Delaware limited liability partnership (New York); Sidley Austin (CA) LLP, a Delaware limited liability partnership (Los Angeles, San Francisco, Palo Alto); Sidley Austin (TX) LLP, a Delaware limited liability partnership (Dallas, Houston); Sidley Austin LLP, a separate Delaware limited liability partnership (London); Sidley Austin LLP, a separate Delaware limited liability partnership (Singapore); Sidley Austin, a New York general partnership (Hong Kong); Sidley Austin, a Delaware general partnership of registered foreign lawyers restricted to practicing foreign law (Sydney); and Sidley Austin Nishikawa Foreign Law Joint Enterprise (Tokyo). The affiliated partnerships are referred to herein collectively as Sidley Austin, Sidley, or the firm.
California Supreme Court Issues Ruling in Brinker Clarifying Employers Duty to Provide Meal and Rest Breaks to Hourly Employees
APRIL 13, 2012 CALIFORNIA EMPLOYMENT & LABOR UPDATE California Supreme Court Issues Ruling in Brinker Clarifying Employers Duty to Provide Meal and Rest Breaks to Hourly Employees In one of the most anticipated
More informationFINANCIAL INSTITUTIONS REGULATORY UPDATE
OCTOBER 19, 2009 FINANCIAL INSTITUTIONS REGULATORY UPDATE The Financial Institutions Regulatory Practice Group of Sidley Austin LLP The Financial Institutions Regulatory Practice group offers counseling,
More informationUK OFT Investigation into Health Markets
MARCH 23, 2011 EU LIFE SCIENCES UPDATE UK OFT Investigation into Health Markets Executive Summary On 10 March 2011, the Office of Fair Trading (OFT) formally launched a market study into private healthcare.
More informationData, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller
Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,
More informationFINRA and MSRB Issue Guidance on Best Execution Obligations in Equity, Options and Fixed Income Markets
DECEMBER 9, 2015 SIDLEY UPDATE FINRA and MSRB Issue Guidance on Best Execution Obligations in Equity, Options and Fixed Income Markets Financial Industry Regulatory Authority, Inc. (FINRA) and the Municipal
More informationINVESTMENT FUNDS. SEC Proposes First Dodd-Frank Investment Advisers Act Rule to Address Family Offices. What Is a Family Office?
OCTOBER 22, 2010 INVESTMENT FUNDS SEC Proposes First Dodd-Frank Investment Advisers Act Rule to Address Family Offices Section 409(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the
More informationCloud Computing: Business Benefits, Legal Uncertainties, Risks and Strategies
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Cloud Computing: Business Benefits, Legal
More informationTim Cowen Sidley Austin LLP. Legal issues, technology risks, and cloud computing.
Tim Cowen Sidley Austin LLP. Legal issues, technology risks, and cloud computing. Outline Current legal issues relating to Cloud Computing. Context: the increasingly global technology stack. Emerging risks
More informationDelaware Insurable Interest Law Developments
OCTOBER 12, 2011 Delaware Insurable Interest Law Developments INSURANCE UPDATE On September 20, 2011, the Delaware Supreme Court (the DE Supreme Court ) issued an opinion interpreting several provisions
More informationTechnology Assisted Review Goes Left: Predictive Analytics In Information Governance
BEIJING BOSTON BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Technology Assisted Review
More informationDefining and Managing Reputation Risk
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG HOUSTON LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Defining and Managing Reputation
More informationOnline Interest-Based Advertising: The Road Traveled and the Road Ahead
Online Interest-Based Advertising: The Road Traveled and the Road Ahead Genie Barton VP & Director, Online Interest-Based Advertising Program Advertising Self-Regulatory Council (ASRC)/ Council of Better
More informationGovernment Dimensions of Cloud Computing
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Government Dimensions of Cloud Computing
More informationIssues in insurance company mergers & acquisitions
Issues in insurance company mergers & acquisitions By Perry J. Shwachman, Anthony J. Ribaudo and R. Bradley Drake, Sidley Austin LLP The completion of a successful merger or acquisition involving insurance
More informationACCOUNTANTS LIABILITY UPDATE
JULY 14, 2010 ACCOUNTANTS LIABILITY UPDATE Accountants Liability Practice With highly skilled and experienced lawyers in Chicago, Los Angeles, New York, San Francisco and Washington, D.C., we are able
More informationCloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
More informationNAIC REINSURANCE COLLATERAL REFORM
NAIC REINSURANCE COLLATERAL REFORM BY CHARLENE C. McHUGH After several years of deliberation, on November 6, 2011, the National Association of Insurance Commissioners (NAIC) passed amendments to its Credit
More informationLatham & Watkins Health Care Practice
Number 928 September 9, 2009 Client Alert Latham & Watkins Health Care Practice Violation of this rule will be treated by the FTC as an unfair or deceptive act in violation of the Federal Trade Commission
More informationComing to a Website Near You: More Irrelevant Advertisements
Coming to a Website Near You: More Irrelevant Advertisements December 17, 2010 12:09 am "The Debate" is a column focused on the current debate around ad targeting and consumer privacy. Today's article
More informationRegistration; Amendments or Updates to Registration
FEBRUARY 7, 2011 INVESTMENT MANAGEMENT UPDATE Registered Investment Adviser Annual Reviews; Calendar of Certain 2011 Significant Dates for Advisers Investment advisers that are registered with the Securities
More informationJanuary 28, 2011. Re: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework Comment, Docket No.
475 Anton Boulevard Costa Mesa, CA 92626 www.experian.com January 28, 2011 Via Email: privacynoi2010@ntia.doc.gov National Telecommunications and Information Administration U.S. Department of Commerce
More informationPolicy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX
Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications
More informationThinking Ahead: Breaking Down FINRA s Revised Proposed Fixed-Income Research Rule
FINANCIAL INSTITUTIONS ADVISORY & FINANCIAL REGULATORY CLIENT PUBLICATION March 2013 Thinking Ahead: Breaking Down FINRA s Revised Proposed Fixed-Income Research Rule If you wish to receive more information
More informationU.S. Information Privacy Law
U.S. Information Privacy Law Ivan Rothman Joseph Grasser January 28, 2014 Introduction and Agenda Sources of US Privacy Law Some Basic Concepts Sectors of US Privacy Law Non-Sector Specific Issues Privacy
More information2016 SIDLEY PRELAW SCHOLARS PROGRAM
2016 SIDLEY PRELAW SCHOLARS PROGRAM The Sidley Prelaw Scholars Program is designed to increase diversity in law schools and the legal profession by helping diverse, high-performing college students with
More informationCloud Computing: Privacy, Security and Other Issues and Obligations
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Cloud Computing: Privacy, Security and Other
More informationHIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
More informationTOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS
TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS JULY 2012 Overview Members of the toy industry are fast embracing the world of mobile applications ( apps ). Apps offer a new world of engaging content
More informationCybersecurity Risk Factors: Five Tips to Consider When Any Public Company Might be The Next Target
10 February 2014 Practice Groups: Capital Markets Insurance Coverage The text of this article was first published by Law360 on February 10, 2014. Cybersecurity Risk Factors: Five Tips to Consider When
More informationSeptember Edition of Notable Cases and Events in E-Discovery
SEPTEMBER 24, 2014 E-DISCOVERY UPDATE September Edition of Notable Cases and Events in E-Discovery This update addresses the following recent developments and court decisions involving e-discovery issues:
More informationNew York State Labor Law Amendments Affecting Proof in Pay Discrimination Cases and Employer Policies Concerning Wage Disclosure
New York State Labor Law Amendments Affecting Proof in Pay Discrimination Cases and Employer Policies Concerning Wage Disclosure Amendments Alter Burden of Proof in Gender-Based Pay Cases and Bar Employer
More informationQUESTIONS FOR COMMENT ON PROPOSED FRAMEWORK
QUESTIONS FOR COMMENT ON PROPOSED FRAMEWORK Scope Are there practical considerations that support excluding certain types of companies or businesses from the framework for example, businesses that collect,
More informationThe Importance of Privacy & Data Security in a Changing World
Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but
More informationData Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States
Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Introduction When it comes to Personally Identifiable Information (PII), privacy laws and regulations
More informationThank you for the opportunity to join you here today.
Ambassador Daniel A. Sepulveda Remarks on the U.S. Privacy Framework and Signals Intelligence Reforms November 3, 2015 Digital Europe Brussels, Belgium Thank you for the opportunity to join you here today.
More informationIncreased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures
Increased Regulatory Focus on Cybersecurity Underscores Need for Public Companies to Review Cybersecurity-Related Disclosures March 11, 2014 I. RECENT FOCUS ON CYBERSECURITY As a result of recent highly-publicized
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationWHAT DOES THE FUTURE LOOK LIKE FOR MARKETING IN CYBERSPACE?
WHAT DOES THE FUTURE LOOK LIKE FOR MARKETING IN CYBERSPACE? Keynote Address for the Consumer Marketing, Advertising, Distribution and Sales Conference Suffolk University Law School March 23, 2012 Good
More informationCOMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058.
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationSEC Staff Addresses Third-Party Endorsements of Investment Advisers on Social Media Websites
April 2014 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Private Equity SEC Staff Addresses Third-Party Endorsements of By Michael W. McGrath and Sonia R. Gioseffi On
More informationHealth Care Entities Get Clarity from FCC on Telephone Communications
10 August 2015 Practice Group(s): Health Care Telecom, Media and Technology Health Care Entities Get Clarity from FCC on Telephone Communications By Martin L. Stern, Samuel R. Castic, Ryan J. Severson
More informationWhite House Report May Have Long-Term Effect on Consumer Privacy and How Companies Do Business
White House Report May Have Long-Term Effect on Consumer Privacy and How Companies Do Business April 10, 2012 Boston Brussels Chicago Düsseldorf Houston London Los Angeles Miami Milan Munich New York Orange
More informationCybersecurity: What In-House Counsel Needs to Know
Cybersecurity: What In-House Counsel Needs to Know November 19, 2013 Vivian A. Maese vivian.maese@dechert.com 2013 Dechert LLP So what does all of the legal activity in cybersecurity mean to you? The top
More informationNew York City Council Passes Bill Banning Use of Credit Checks in Employment Decisions
New York City Council Passes Bill Banning Use of Credit Checks in Employment Decisions Amendment to the New York City Human Rights Law Makes It an Unlawful Discriminatory Practice for Most Employers to
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationAcquisition Transaction Reinsurance: Key Concepts SEAN KEYVAN AND JEREMY WATSON, SIDLEY AUSTIN LLP
Acquisition Transaction Reinsurance: Key Concepts SEAN KEYVAN AND JEREMY WATSON, SIDLEY AUSTIN LLP Agenda Introduction to Reinsurance Reinsurance in the context of an Acquisition Transaction Regulatory
More informationHIPAA and Beyond: The Evolving Landscape of Health Privacy
HIPAA and Beyond: The Evolving Landscape of Health Privacy Melissa Bianchi, Hogan Lovells US LLP Ann Tobin, UnitedHealth Group IAPP Global Privacy Summit, March 9, 2012 No Longer Just HIPAA New developments
More informationSupreme Court Clarifies Statute of Limitations Applicable to False Claims Act Whistleblower Suits Against Government Contractors
Supreme Court Clarifies Statute of Limitations Applicable to False Claims Act Whistleblower Suits Against Government Contractors In Kellogg Brown & Root Services, Inc., et al. v. United States ex rel.
More informationPrivacy Risk Assessments
Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted
More informationSUMMARY. 2. Covered information, which is the key term, is very broadly defined and includes the following with respect to an individual:
CLIENT MEMORANDUM DRAFT FEDERAL PRIVACY BILL WOULD DRAMATICALLY AFFECT HOW A WIDE RANGE OF COMPANIES COLLECT, USE, AND DISCLOSE CERTAIN INFORMATION ABOUT INDIVIDUALS, BOTH ONLINE AND OFFLINE On May 4,
More informationNew York Employment Law Update
Recent Legislative Developments in New York State Regarding Reductions in Force and Criminal Conviction Records SUMMARY A number of new New York State statutes of significance to employers will soon become
More informationHow To Respond To The Nti'S Request For Comment On Big Data And Privacy
Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry
More informationBackground. 9 September 2015. Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Finance
9 September 2015 Practice Groups: Investment Management, Hedge Funds and Alternative Investments Broker-Dealer Finance Cybersecurity Update: National Futures Association Proposes Cybersecurity Guidance
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationPrivacy & Security: What You Need to Know Now and Next Year
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Privacy & Security: What You Need to Know
More informationWhistleblower Provisions
SEC Issues Final Rules Implementing the Dodd-Frank Whistleblower Provisions SUMMARY On May 25, 2011, the Securities and Exchange Commission voted 3 to 2 to approve the final rules implementing the whistleblower
More informationSIDLEY PRELAW SCHOLARS INITIATIVE
2014 SIDLEY PRELAW SCHOLARS INITIATIVE The Sidley Prelaw Scholars Initiative is designed to increase diversity in law schools and within the legal profession by helping racially diverse, high-performing
More informationApril Edition of Notable Cases and Events in E-Discovery
APRIL 16, 2015 E-DISCOVERY UPDATE April Edition of Notable Cases and Events in E-Discovery This update addresses the following recent developments and court decisions involving e-discovery issues: 1. A
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationDMA COMMENTS ON STEARNS AND BOUCHER PRIVACY LEGISLATION DISCUSSION DRAFT
DM Unplugged What's New Contact Us Login MyDMA Home Membership Advocacy Events and Education News Research Corporate Responsibility DMA Bookstore About DMA Search: click here GO! DMA COMMENTS ON STEARNS
More informationSEC s Proposed Rules for Implementing Dodd-Frank Whistleblower Provisions: Important Implications for Employers. November 12, 2010
SEC s Proposed Rules for Implementing Dodd-Frank Whistleblower Provisions: Important Implications for Employers November 12, 2010 The Securities and Exchange Commission (SEC) has proposed rules to implement
More informationPrivacy Statement. What Personal Information We Collect. Australia
Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respect your privacy and we acknowledge that you have certain rights related to any personal information we collect
More informationEnvironment, Health And Safety. Ensuring Your Company s European Operations are Compliant with New EU Regulations and Enforcement Measures
Environment, Health And Safety Ensuring Your Company s European Operations are Compliant with New EU Regulations and Enforcement Measures WHAT IS THE THREAT TO YOUR COMPANY S COMPLIANCE RECORD AND GOOD
More informationPrivacy in the Cloud Computing Era. A Microsoft Perspective
Privacy in the Cloud Computing Era A Microsoft Perspective November 2009 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date
More informationWESTLAW JOURNAL COMPUTER & INTERNET
Westlaw Journal COMPUTER & INTERNET Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 30, ISSUE 21 / MARCH 22, 2013 Expert Analysis The FTC and Mobile Privacy By John L. Hines
More informationNew York Court of Appeals Announces New Rules Governing Practice in New York by Attorneys Not Admitted in the State
New York Court of Appeals Announces New Rules Governing Practice in New York by Attorneys Not Provisions Permit Temporary Practice by Non-New York Attorneys and Registration of Non-U.S. Lawyers as In-House
More informationBroker-Dealer Audit and Reporting Updates
PCAOB Report and New SEC Rules Address Audit, Financial Reporting, Internal Control and Risk Management Issues Relating to Broker-Dealers These Developments May Be Relevant for Audit Committees of Public
More informationComments of the Coalition for Privacy and Free Trade. to the. Trade Policy Staff Committee of the United States Trade Representative
www.privacyandtrade.org to the Trade Policy Staff Committee of the United States Trade Representative May 9, 2013 The Coalition for Privacy and Free Trade ( Coalition or CPFT ) represents the views of
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationSocial Media - 10 Fundamental Questions All Businesses Consider
January 2015 Practice Group(s): Corporate/ M&A Technology Transactions Social Media: 10 Fundamental Questions All Businesses Should Consider About Their Online Presence By Holly K. Towle, Kendra H. Nickel-Nguy
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationFTC Consumer Protection Priorities In 2015
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com FTC Consumer Protection Priorities In 2015 Law360,
More informationAugust 28, 2015. Re: In the Matter of Nomi Technologies, Inc., File No. 1323251
UNITED STATES OF AMERICA Federal Trade Commission WASHINGTON, D.C. 20580 Office of the Secretary August 28, 2015 Michelle Lease Policy Counsel Application Developers Alliance Re: In the Matter of Nomi
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationThe Telephone Consumer Protection Act: Compliance Developments and What to Expect in 2015
The Telephone Consumer Protection Act: Compliance Developments and What to Expect in 2015 November 2014 Mark W. Brennan, Partner Overview Overview of the TCPA Recent Developments Issues to Watch What You
More informationSupreme Court Decision Affirming Judicial Right to Review EEOC Actions
Supreme Court Decision Affirming Judicial Right to Review EEOC Actions The Supreme Court Holds That EEOC s Conciliation Efforts Are Subject to Judicial Review, Albeit Narrow SUMMARY A unanimous Supreme
More informationAn Executive Overview of GAPP. Generally Accepted Privacy Principles
An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business
More informationFebruary 17, 2011. Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580
February 17, 2011 Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Re: A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework
More informationGovernment Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution
Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile
More informationLong-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates
Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health
More informationIntroduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery
Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data
More informationDue Diligence in Regulation D Offerings
FINRA Provides Guidance on the Obligation of Broker-Dealers to Conduct Reasonable Investigations in Regulation D Offerings SUMMARY FINRA has published a regulatory notice providing guidance to broker-dealers
More information[ 2014 Privacy & Security Update ].
U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.
More informationCrossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong
Legal Update Privacy & Security Hong Kong 20 January 2015 Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong Section 33 of the Hong Kong Personal Data (Privacy) Ordinance
More informationSECURITIES AND EXCHANGE COMMISSION FORM 8-K. Current report filing
SECURITIES AND EXCHANGE COMMISSION FORM 8-K Current report filing Filing Date: 2007-09-27 Period of Report: 2007-09-27 SEC Accession No. 0000905148-07-006297 (HTML Version on secdatabase.com) IndyMac INDA
More information2014 Amendments Affecting Delaware Alternative Entities and the Contractual Statute of Limitations
August 2014 Practice Groups: Corporate/M&A Private Equity 2014 Amendments Affecting Delaware Alternative Entities By Scott E. Waxman, Eric N. Feldman, Nicholas I. Froio, Andrew Skouvakis, Zachary L. Sager
More informationSocial Marketing & Liability
Social Marketing & Liability Fred E. Karlinsky, Esq. Co-Chair, Insurance Regulatory & Transactions Practice Shareholder, Greenberg Traurig Louisiana Insurers Conference Insurance Compliance Seminar August
More informationRe: Big Data Request for Information
March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C. 20502 Ladies and Gentlemen: Re: Big Data Request
More informationCorporate Governance of Delaware Corporations
Corporate Governance of Delaware Corporations Delaware Adopts Amendments to the Delaware General Corporation Law Relating to Corporate Governance SUMMARY The Delaware legislature has enacted a number of
More informationTax Court Addresses Implied Waiver of the Attorney-Client Privilege
Tax Court Addresses Implied Waiver of the Attorney-Client Privilege The Tax Court Holds That Raising Good-Faith and State-of-Mind Defenses to Accuracy-Related Penalties Could Result in an Implied Waiver
More informationChanges to New York Power of Attorney Law
New York Amends Power of Attorney Law Retroactively SUMMARY The New York Legislature has now passed, and the Governor has signed, amendments to the New York Power of Attorney Law, Sections 5-1501 5-1514
More informationThe Digital Marketing Ecosystem: Trends, Risks and Obligations
The Digital Marketing Ecosystem: Trends, Risks and Obligations Teena H. Lee, Vice President, Privacy and E-commerce Counsel The Estée Lauder Companies Inc. Bridget C. Treacy, Partner, Hunton & Williams
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationSpeakers. Navigating Through The Legal Complexities And Cloudy Conditions To Implement A Successful Global OBA Program
Speakers Navigating Through The Legal Complexities And Cloudy Conditions To Implement A Successful Global OBA Program Speakers: Ashlen Cherry, Americas Privacy Officer, Dell, ashlen_cherry@dell.com Ruth
More informationPrivacy and Data Protection
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 hp.com HP Policy Position Privacy and Data Protection Current Global State of Privacy and Data Protection The rapid expansion and pervasiveness
More informationFebruary Edition of Notable Cases and Events in E-Discovery
FEBRUARY 12, 2015 E-DISCOVERY UPDATE February Edition of Notable Cases and Events in E-Discovery The January 2015 Case Notes discuss the following: 1. A Nebraska federal court decision citing the proportionality
More information