Privacy Bulletin: Issue No. 34
In the News
FCC Proposes More Restrictive Automated Call Rules. The FCC is seeking comment on its proposal to modify the Telephone Consumer Protection Act ("TCPA") to adopt changes similar to those in the FTC’s recently amended Telemarketing Sales Rule. Possible changes would (1) require prior written consent of telephone subscribers to receive prerecorded calls; (2) remove the "prior business relationship" exemption; (3) require an automated interactive opt-out message and/or telephone number for company-specific do-not-call requests, as the situation requires; and (4) change how companies’ "abandoned call" rates are measured by adopting a "per campaign" standard. The FCC also proposed the inclusion of an exemption for health care related prerecorded messages. Such an exemption is not currently in place in the FTC rule, but the American Dental Association, American Medical Association, American Osteopathic Association, and American Veterinary Medical Association recently petitioned the FTC for a similar exemption to the Telemarketing Sales Rules. Their request comes on the tail of a decision by the U.S. District Court for the District of Columbia ordering the FTC to exempt lawyers from the Telemarketing Sales Rule.
The proposed rules would affect a small subset of sellers and telemarketers that are not already subject to the Telemarketing Sales Rules, including banks, federal credit unions, and federal savings and loans; common carriers; and non-profit organizations. Comments on the FCC's Notice of Proposed Rulemaking are due 60 days after their publication in the Federal Register, with reply comments due 30 days later.
Representative Boucher Says He Will Soon Introduce Online Privacy Bill. On January 28, 2010, Rick Boucher (D-VA) said he is "very close" to finishing a draft of legislation mandating new online privacy safeguards that would require consent from consumers when collecting data to use for targeted ads. Boucher, who chairs the House Subcommittee on Communications, Technology and the Internet, has said that the bill will aim to outline best practices for advertisers that use targeted marketing and punish behavior that shows disregard for privacy.
Census Head Orders Review of Effect of Privacy Policy on Accuracy of Data. On February 5, 2010, Robert M. Groves, director of the Census Bureau ("Bureau"), announced that he had ordered a review of the effects of the government's policies and practices intended to protect the privacy of individuals, after it was discovered that publicly available data on the elderly contained a high level of errors resulting from the government's policies. According to the National Bureau of Economic Research, some statistics may have been inaccurate by up to as much as 15%. The errors appear to have resulted from flawed software, which, while intended to obscure the personal data of individuals by skewing individual information yet maintaining accurate statistics, failed to appropriately offset the skewed numbers, thereby compromising the overall census data.
Massachusetts Data Protection Law Goes into Effect March 1. Companies, regardless of where they are based, that maintain personal information about Massachusetts residents (whether employees or residents) must comply with the new data protection law. Among other requirements, under the law, companies must enact written data protection procedures and must adopt specific system security measures.
Plan to Restrict Use of Social Security Numbers of Government Workers Abandoned. Office of Personnel Management Director John Berry announced January 27, 2010, that he was withdrawing an OPM proposal to bar agencies from using SSNs as the primary identification number for employees in data processing systems. Berry stated that he was withdrawing the proposal due to concerns by respondents that an alternate employee identifier would be required, prior to implementation of the rule, as a replacement in the numerous systems currently utilizing SSNs.
Privacy and Data Protection Team
The attorneys in Womble Carlyle's Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.