BLOGS: Privacy and Data Protection

Friday, December 18, 2009, 10:36 AM

Privacy Bulletin: Issue No. 32

In the News
House Approves Comprehensive Privacy Legislation: On December 8, 2009, the U.S. House of Representatives passed H.R. 2221, the Data Accountability and Trust Act (Rush, D-IL), a comprehensive reform effort governing the handling of sensitive data. The bill authorizes the Federal Trade Commission to promulgate regulations requiring entities to implement security policies and procedures to safeguard sensitive personal data; creates strict requirements regarding the collection, retention, and accuracy of personal information for data brokers; imposes additional requirements on data brokers by requiring them to submit a copy of their security policy to the FTC along with a breach notification and implement audit procedures to authenticate consumer information; and sets forth a national data breach notification standard. The bill was received in the Senate and referred to the Senate Commerce Committee where it is awaiting action.

Court Upholds Decision Exempting Attorneys from Scope of Red Flags Rule: On December 1, 2009, the U.S. District Court for the District of Columbia upheld its October 29, 2009 bench ruling exempting attorneys from compliance with the Federal Trade Commission’s (FTC) Red Flags Rule, which will take effect June 1, 2010. The Court found that Congress did not authorize the FTC to sweep attorneys into regulations aimed at the credit industry and that application of the rules to attorneys was unreasonable.

$15.5 Million Judgment Entered Against Leader of “Spam Gang”: On November 30, 2009, a federal judge for the United States District Court for the Northern District of Illinois, at the request of the Federal Trade Commission (FTC), ordered the head of an international spam network to pay $15.5 million for his role in leading spammers from around the world in bombarding consumers with billions of spam email messages. The spammers, through the targeted emails, deceptively marketed various weight-loss pills and prescription drugs, even though the pills had not been approved by the FDA and were potentially unsafe. The spammers also violated the CAN-SPAM Act by failing to provide a link or address to opt out of receipt.

Supreme Court to Review Employee Texting Policies: On December 14, 2009, the Supreme Court announced that it would consider employees’ privacy expectations when they send text messages from their employers’ accounts. The U.S. Court of Appeals for the Ninth Circuit recently found that workers retained a reasonable expectation of privacy in text messages sent from devices and accounts supplied by their employers; however, the judge acknowledged that there is very little precedent to guide judges on what is reasonable in the electronic space.

FTC Launches Website to Educate Children About Privacy: On December 2, 2009, the Federal Trade Commission launched a website (www.ftc.gov/YouAreHere) with content that helps children learn to protect their privacy, identify fraud, and avoid identity theft while using the Internet. The site also provides content for parents and teachers to educate children on these issues.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.

Monday, December 14, 2009, 3:51 PM

Privacy Updates in the 111th Congress and How Your Business May Be Affected

Although most of the public attention in Washington is on health care reform, elected officials are also considering important reforms in the area of privacy legislation. These proposed changes could affect areas important to businesses, such as privacy breach notification, cybersecurity, health privacy, identity theft, and data transfers.

Womble Carlyle attorney Danielle Benoit writes about this pending legislation in the current issue of "Focus on WMACCA," the official newsletter of the Washington Metropolitan Area Corporate Counsel Association (WMACCA). Benoit reviews the three key pieces of privacy legislation currently under consideration:

  • Senate Bill 1490, the Personal Data Privacy and Security Act
  • Senate Bill 139, the Data Breach Notification Act
  • House Bill 2221, the Data Accountability and Trust Act

Tuesday, December 1, 2009, 2:52 PM

Privacy Bulletin: Issue No. 31

In the News
Rhode Island Enacts New Data Destruction Law: On November 13, 2009, Rhode Island enacted a new law (H.B. 5902/S.B. 589) which places additional restrictions on the destruction of documents containing the personal information of consumers doing business in the state. The law defines personal information broadly and requires businesses to take reasonable steps to destroy consumers’ personal information. Businesses that do not comply could face a civil suit to recover actual damages and additional penalties imposed by the Rhode Island Attorney General for each violation. Businesses already subject to regulation under Gramm-Leach-Bliley and HIPAA are exempt. The law is effective January 1, 2010.

Accountants Seek Exemption from Red Flags Rule: On November 10, 2009, the American Institute of CPAs (AICPA) filed a lawsuit in the United States District Court for the District of Columbia challenging the applicability of the Federal Trade Commission’s (FTC) Red Flags Rule to accountants. AICPA argues that the rules impose "onerous and unnecessary" requirements on AICPA’s members. The lawsuit comes after the same Court, in a lawsuit filed by the American Bar Association, enjoined the FTC from enforcing the rules against attorneys for similar reasons.

FTC Releases Model Privacy Notice Form: On November 17, 2009, the Federal Trade Commission (FTC), in conjunction with several financial services industry regulators, released a model privacy notice form to assist consumers in understanding how financial institutions collect and share information. The FTC issued the model notice in response to a 2006 amendment to the Gramm-Leach-Bliley Act that required the agencies to propose a succinct and comprehensible model form that enables consumers to easily compare the privacy practices of different financial institutions.

Obama Names FTC Commissioners: On November 16, 2009, President Obama appointed Julie Brill and Edith Ramirez to fill two vacant spots at the Federal Trade Commission. Julie Brill has served as the Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice since February 2009 and has similar experience in Vermont over the past 20 years. Edith Ramirez is an attorney specializing in intellectual property with Quinn Emanuel Urquhart Oliver & Hedges. On November 30, 2009, the FTC also announced senior staff appointments.

Health Net Breach Affects Nearly Half a Million Patients: On November 18, 2009, Health Net, a Connecticut-based regional health insurance plan, reported that personal information of approximately 446,000 patients was compromised when a portable disk containing the information went missing in May 2009. The data on the disk was compressed but not encrypted; however, special software is needed to access the information. Officials in Connecticut were outraged that Health Net waited nearly six months to report the breach. Health Net will provide free credit reporting for two years to all affected customers.

House Holds Hearing To Explore the Online and Offline Collection of Consumer Information: On November 19, 2009, the House Committee on Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection and the Subcommittee on Communications, Technology, and the Internet held a joint hearing to examine the commercial collection and use of consumer data in the online and offline marketplace. Lawmakers heard how the collection of such information benefits consumers and how that use should be balanced against privacy concerns. The testimony will help shape draft privacy legislation in the coming months.
