Rash California Minors Get An Online “Eraser Button”

We’ve all done it: typed or tapped out a message, posted it online, and immediately wished we hadn’t and that we could just erase it from the Internet forever. Now, if you are a California minor, you can. Sort of.

California Governor Jerry Brown recently signed into law S.B. 568, the first bill of its kind in the nation. S.B. 568 enacts two new statutes under the title “Privacy Rights for California Minors in the Digital World.” The first, Business and Professions Code section 22580, prohibits advertising certain products to minors online (see blog post here).  The second, Business and Professions Code section 22581, requires businesses to provide an online “eraser button” for remorseful minors.

Continue Reading

Products or Services That Cannot Be Sold To California Minors Cannot Be Advertised To Them Online, Either

California Governor Jerry Brown recently signed into law S.B. 568, the first bill of its kind in the nation. S.B. 568 enacts two new statutes under the title “Privacy Rights for California Minors in the Digital World.” The first, Business and Professions Code section 22580, prohibits advertising certain products to minors online. The second, Business and Professions Code section 22581, requires businesses to provide an online “eraser button” for remorseful minors (see blog post here).

Continue Reading

California Enacts New Data Privacy Laws

As part of a flurry of new privacy legislation, California Governor Jerry Brown signed two new data privacy bills into law on September 27, 2013: S.B. 46 amending California’s data security breach notification law and A.B. 370 regarding disclosure of “do not track” and other tracking practices in online privacy policies. Both laws will come into effect on January 1, 2014.

Continue Reading

California Online Tracking Disclosure Bill Heads to Governor for Signature

Many companies operating commercial websites and online services will likely need to update their privacy policies soon to comply with new requirements in California. After passing the Assembly and the Senate in a series of unanimous votes, A.B. 370 is now before the Governor for signature, which is expected soon.

Continue Reading

Cybersecurity: 36 Questions Every Director Should Ask

Cyber security, data loss, hacking and schemes to steal personal information and assets electronically are all over the news daily. Companies are the primary targets of these actions since they accumulate information, store it and use it for their internal efforts, for their clients and in interacting with the world outside. In an effort to prevent problems before they arise, and to be in the best possible posture should their company become a victim of these damaging events, below is a list of questions that general counsel, senior management and corporate directors should be asking of themselves and their companies:

Continue Reading

Was AdChoices Just Flipped the (Twitter)Bird on Behavioral Targeting?

It appears that users won’t be seeing the blue AdChoices triangle icon on Twitter anytime soon. AdChoices and its blue triangle icon are the work of the Digital Advertising Alliance (a consortium of trade groups) to provide users with disclosure of and the ability to opt out of targeted behavioral advertising (e.g. ads based on websites visited). This industry self-regulatory option was intended to be a broad and unifying option to stave off governmental regulation.

Continue Reading

FTC Updates COPPA FAQs

Following up on the new Children’s Online Privacy Protection Act (COPPA) Rule that went into effect on July 1, 2013, the Federal Trade Commission has released an updated set of FAQs to provide additional clarity and information about the new Rule. Notably, the FAQs provide further guidance on COPPA’s “actual knowledge” standard as well as regarding the newly added and revised categories of personal information included in the new Rule.

Continue Reading

California Bill to Expand Data Security Breach Notification Law Clears Senate Hurdle

Last week, the California state Senate passed S.B. 46, a bill to expand the triggering data under the existing data security breach notification law. Currently, breach notification in California is triggered by the unauthorized acquisition of an individual’s first name or initial and last name in combination with one or more of the following data elements, when either the name or the data elements are unencrypted: social security number; driver’s license or state identification number; account, credit card or debit card number in combination with any required security or access codes; medical information; or health information. S.B. 46 adds to the list of data elements, password, user name or security question and answer for an account other than a financial account. Like the existing list of personal information, this additional information must be in combination with the first name or initial and last name of the individual and one of the elements must be unencrypted in order to trigger the reporting requirement.

Continue Reading

Who Owns Your Online Persona?

Eagle v. Morgan, 2013-11-4303 (E.D. Pa. 2013), represents one of the first trials on the issue of who owns social media accounts: the individual employee who first created the account or the employer whose business was promoted using the account? In Eagle a company’s founder sued her former employer for the alleged illegal use of her LinkedIn account. The U.S. District Court for the Eastern District of Pennsylvania held that an employer’s conduct, absent a company social media policy, resulted in the torts of unauthorized use of name, invasion of privacy by misappropriation and misappropriation of publicity. The court, however, held the employer not liable for conversion, tortious interference with contract, civil conspiracy and civil aiding and abetting. Lastly, the court rejected the employer’s counterclaims of misappropriation and unfair competition.

Continue Reading

LexBlog