California Bill to Expand Data Security Breach Notification Law Clears Senate Hurdle

Posted on May 23, 2013 by Sheppard Mullin

By Rachel Tarko Hudson

Last week, the California state Senate passed S.B. 46, a bill to expand the triggering data under the existing data security breach notification law. Currently, breach notification in California is triggered by the unauthorized acquisition of an individual’s first name or initial and last name in combination with one or more of the following data elements, when either the name or the data elements are unencrypted: social security number; driver’s license or state identification number; account, credit card or debit card number in combination with any required security or access codes; medical information; or health information. S.B. 46 adds to the list of data elements, password, user name or security question and answer for an account other than a financial account. Like the existing list of personal information, this additional information must be in combination with the first name or initial and last name of the individual and one of the elements must be unencrypted in order to trigger the reporting requirement.

Continue Reading...
  • Print
  • Comments
  • Share Link

FTC Enacts COPPA Updates

Posted on December 19, 2012 by Sheppard Mullin

In October we reported that the FTC had issued its proposed updates to COPPA. Today it enacted these new rules.

  • Print
  • Comments
  • Share Link

FTC Proposes Updates to Children's Online Privacy Law

Posted on October 12, 2012 by Sheppard Mullin

The Federal Trade Commission recently proposed several updates to the Children's Online Privacy Protection Act of 1998 (COPPA).

COPPA currently provides that operators of websites and other online services that collect personal information online about children under 13, or whose websites or services are directed at children under 13, must:

Continue Reading...
  • Print
  • Comments
  • Share Link

Occupiers' Motion to Quash Subpoenas of Tweets Raises Privacy Questions

Posted on April 3, 2012 by Sheppard Mullin

By Craig Cardon and Rachel Tarko Hudson

Occupy protesters in New York are attempting to quash the Manhattan District Attorney's subpoenas of their tweets and Twitter account information. The protesters were arrested for obstructing the Brooklyn Bridge during a protest in October. The District Attorney wants to use the tweets to show that the protesters knew their actions were not sanctioned by the police. The D.A. is also attempting to obtain account information in order to connect anonymous Twitter accounts to their real owners. The protesters' motions argue that the subpoenas violate their privacy rights and their right to speak anonymously.

Continue Reading...
  • Print
  • Comments
  • Share Link

Facebook's Settlement With The FTC Is A Wake Up Call For Businesses To Review And Update Their Website Privacy Policy And Agreements

Posted on December 27, 2011 by Sheppard Mullin

By Michelle Sherman

The Federal Trade Commission ("FTC") is working hard to make sure consumers are not being misled about how websites and social networking sites are using their personal information. Companies that do not follow their own privacy policies are finding themselves the subject of FTC complaints.  It is therefore even more important for businesses to review and update their "privacy policy," "terms of use," and other legal agreements on their websites. This review should also include any company apps.

Continue Reading...
  • Print
  • Comments
  • Share Link

The Federal Trade Commission's Proposed Framework For Consumer Privacy Protection - The Basics

Posted on December 14, 2010 by Sheppard Mullin

By Michelle Sherman

The preliminary Staff Report issued by the FTC earlier this month is the most aggressive effort by the FTC to date on the issue of online and mobile privacy generally. The preliminary Staff Report proposes a "do not track" mechanism along with an overall online privacy framework that would rigidly regulate how information is collected both online and through mobile devices, how it can be used, and how it must be stored. Deviating from the distinction between "personally-identifiable information" and "non-personally-identifiable information" that has formed the foundation for other privacy regulations and legislation, the framework proposed in the preliminary Staff Report maintains that such dichotomy is no longer relevant. Because this is arguably a profound change in the existing state of regulation in this area, the preliminary Staff Report is being circulated for comment before it becomes final. This article provides a basic outline of the proposed framework for those who may not already be familiar with the preliminary Staff Report.
 

Continue Reading...
  • Print
  • Comments
  • Share Link

Businesses May Have Some Legal Recourse For Anonymous Smear Campaigns On The Internet

Posted on November 16, 2010 by Sheppard Mullin

By Michelle Sherman

Businesses are using Facebook fan pages and interactive ad campaigns to market their products and services on social media. One sided banner ads are making room for advertising that is more engaged with consumers. With this exchange of information also comes the risk of negative comments being posted that could be damaging to the company's brand.
 

Continue Reading...
  • Print
  • Comments
  • Share Link

Cyber-Bullying Does Not Happen In a Vacuum

Posted on October 18, 2010 by Sheppard Mullin

By Michelle Sherman

It takes a lot of bullying and cruelty to push someone to kill themselves. And, usually there are several opportunities to intervene and protect the victim. Bullying does not happen in a vacuum. There are witnesses.
 

Continue Reading...
  • Print
  • Comments
  • Share Link