Tuesday, December 1, 2009, 2:52 PM

Privacy Bulletin: Issue No. 31

In the News
Rhode Island Enacts New Data Destruction Law: On November 13, 2009, Rhode Island enacted a new law (H.B. 5902/S.B. 589) which places additional restrictions on the destruction of documents containing the personal information of consumers doing business in the state. The law defines personal information broadly and requires businesses to take reasonable steps to destroy consumers’ personal information. Businesses that do not comply could face a civil suit to recover actual damages and additional penalties imposed by the Rhode Island Attorney General for each violation. Businesses already subject to regulation under Gramm-Leach-Bliley and HIPAA are exempt. The law is effective January 1, 2010.

Accountants Seek Exemption from Red Flags Rule: On November 10, 2009, the American Institute of CPA's (AICPA) filed a lawsuit challenging the applicability of the Federal Trade Commission’s (FTC) Red Flags Rule to accountants in the United States District Court for the District of Columbia. AICPA argues that the rules impose "onerous and unnecessary" requirements on AICPA’s members. The lawsuit comes after the same Court enjoined the FTC from enforcing the rules against attorneys, in a lawsuit filed by the American Bar Association, for similar reasons.

FTC Releases Model Privacy Notice Form: On November 17, 2009, the Federal Trade Commission (FTC), in conjunction with several financial services industry regulators, released a model privacy notice form to assist consumers in understanding how financial institutions collect and share information. The FTC issued the model notice in response to a 2006 amendment to the Gramm-Leach-Bliley Act that required the agencies to propose a succinct and comprehensible model form that enables consumers to easily compare the privacy practices of different financial institutions.

Obama Names FTC Commissioners: On November 16, 2009, President Obama appointed Julie Brill and Edith Ramirez to fill two vacant spots at the Federal Trade Commission. Julie Brill has served as the Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice since February 2009 and has similar experience in Vermont over the past 20 years. Edith Ramirez is an attorney, specializing in Intellectual Property, with Quinn Emmanuel Urquhart Oliver & Hedges. On November 30, 2009, the FTC also announced senior staff appointments.

Health Net Breach Affects Nearly Half a Million Patients: On November 18, 2009, Health Net, a Connecticut based regional health insurance plan, reported that personal information of approximately 446,000 patients was compromised when a portable disk containing the information went missing in May 2009. The information on the disk was compressed data (and not encrypted); however, special software is needed to access the information. Officials in Connecticut were outraged that Health Net waited nearly six months to report the breach. Health Net will provide free credit reporting for two years to all affected customers.

House Holds Hearing To Explore the Online and Offline Collection of Consumer Information: On November 19, 2009, the House Committee on Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection and the Subcommittee on Communications, Technology, and the Internet held a joint hearing to examine the commercial collection and use of consumer data in the online and offline marketplace. Lawmakers heard how the collection of such information benefits consumers and how that use should be balanced against privacy concerns. The testimony will help shape draft privacy legislation in the coming months.

Privacy and Data Protection Team
The attorneys in Womble Carlyle's Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.

0 Comments:

Post a Comment

<< Home

back to top