Privacy Bulletin: Issue No. 27

In the News

Challenge to Maine Privacy Law Dismissed: On September 9, 2009, a federal judge for the United States District Court for the District of Maine dismissed the challenge filed by various media and Internet entities to Maine’s new privacy law which restricts the collection, publication and use of personal data from minors under the age of 18 without parental consent. Although the judge agreed with the challengers that the law raises significant constitutional concerns, he dismissed the case on the ground that the Maine Attorney General does not intend to enforce the law as written.

FTC Requires Sears To Destroy All Behavioral Tracking Data: On September 10, 2009, the Federal Trade Commission (FTC) gave final approval to a settlement agreement with Sears Holdings Management Corporation (Sears) for its use of software to track consumers’ behavior on the Internet. The agreement requires Sears to destroy all data that it obtained from consumers who used the tracking software. Sears maintains that its use of the software was permissible because consumers paid to download the software and participate in the tracking.

TJX Settles Additional Breach Lawsuit: TJX Companies, Inc. (TJX) has agreed to settle another lawsuit with several banks in connection with the retailer’s January 2007 data breach. TJX will pay $525,000 to AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union, and Trustco Bank as part of the agreement to cover breach related expenses incurred by the banks. In turn, the banks will drop all claims against TJX. TJX maintains it did not engage in any improper conduct.

FTC Submits Privacy Concerns to FCC for the Development of a National Broadband Plan: On September 4, 2009, the Federal Trade Commission (FTC) submitted comments in the Federal Communications Commission’s (FCC) docket focused on developing a national broadband plan (Docket No. GN 09-51). The FTC’s 17 page comments urged the FCC to consider: (1) truthful, clear and conspicuous material terms of service; (2) data security issues; and (3) general privacy concerns, including the threats posed by behavioral advertising.

ZDNet Issues Whitepaper on Massachusetts Privacy Regulations: In July 2009, ZDNet issued a whitepaper that provides an overview on the Massachusetts data protection law which requires entities doing business in Massachusetts to follow comprehensive information security requirements for both paper and electronic records. Specifically, the paper covers who must comply, the compliance timeline, compliance standards and enforcement.

Upcoming Events

• Visit Womble Carlyle’s Privacy Team in the Exhibit Hall at the IAPP Privacy Academy in Boston, September 16-18.

Privacy and Data Protection Team

The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.