Privacy Bulletin: Issue No. 25

In the News

UPDATES TO MASSACHUSETTS ID THEFT REGULATIONS EFFECTIVE MARCH 1, 2010: On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) announced adjustments to the ID Theft regulations, which will now take effect March 1, 2010. The updated regulations are technology neutral and foster a risk-based approach that takes into account a business’ size, nature of its business, the kinds of records it maintains, and the risk of identity theft posed by its operations. The changes were made to balance consumer protections with the needs of small businesses. A public hearing on the changes will take place on September 22, 2009.
Maine Law Restricting Marketing to Minors Effective September 12, 2009: On September 12, 2009, Maine’s Act to Prevent Predatory Marketing Practices Against Minors (LD 1183, Conway) will take effect. The Act prohibits knowing collection of receiving, selling or otherwise transferring health-related information or personal information for marketing purposes from a minor without obtaining verifiable parental consent. The statute also allows for a private right of action to recover damages and civil penalties for each violation.

German Marketing Opt-in to Take Effect September 1, 2009: A German law, passed by the Legislature in July 2009, requiring retailers to obtain permission (opt-in) from consumers prior to using personal data for marketing purposes, will take effect on September 1, 2009. A transitional period will extend through August 31, 2012, for data collected prior to September 2009. The law requires businesses to obtain consumers’ permission to use their address data unless a preexisting relationship exists or if the source of the third party data is clearly stated on the direct mail envelope. The new rules make it much harder to engage in direct mail marketing in Germany and do not apply to email communications, which already require consumer opt-in.

Search Engines Held Liable in Argentine Court for Posting Third Party Content: On July 29, 2009, Argentine National Civil Court No. 75 in Buenos Aires held Google and Yahoo! liable for posting links to risqué pictures of a model, posted without her consent, on a third party website. The Court found that without participation from the search engines, access to the material on the sites would not have been possible and the search engines boosted the site’s exposure. Google and Yahoo! will each pay approximately $26,000 in damages plus interest.

California Adopts Data Disposal Law: On August 6, 2009, the California Assembly passed AB 1094 (Conway) requiring businesses to dispose of individuals’, and employees’ records with as much care as those records of consumers. The existing law requires that a business take all reasonable steps to destroy, or arrange for the destruction of, any customer’s records within its custody or control that it no longer intends to retain. Destruction can be achieved by shredding or erasing the information, or otherwise making it unreadable or undecipherable. The bill also modifies the remedy available. Previously, only “specified civil remedies” were available such that violations would be punishable by misdemeanor.

Acting White House Cybersecurity Coordinator Resigns: On August 3, 2009, Melissa Hathaway, the acting cybersecurity czar resigned and withdrew her name for contention for the newly created position of White House cybersecurity coordinator. The coordinator’s position was created by President Obama in May 2009 to oversee the development and implementation of a government-wide cybersecurity strategy. Hathaway’s resignation will become effective August 24, 2009.

Upcoming Events –

• Join us for our 3rd Wednesdays with Winston "brown bag" lunchtime program presented by the Family Online Safety Institute (FOSI) and Womble Carlyle (August 26th, 12-1:30 pm in Womble Carlyle's DC Office). We’ll focus on what's happening with online safety at the Federal Trade Commission (FTC) and what these developments may mean for your business. Attendees will hear from a panel of industry experts on updates to COPPA, behavioral advertising and other issues affecting online safety and privacy, followed by an interactive roundtable discussion. Panelists include: Peder Magee, Federal Trade Commission; Frank Torres, Microsoft; Jules Polonetsky, The Future of Privacy Forum; Jennifer Kashatus, Womble Carlyle; and moderator, Stephen Balkam, FOSI. There is no cost to attend, but space is limited. To register, click here.
• Visit Womble Carlyle’s Privacy Team in the Exhibit Hall at the IAPP Privacy Academy in Boston, September 16-18.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.