Privacy Bulletin: Issue No. 35

In the News
Google Heads Guilty of Failure to Comply with Privacy Code: An Italian court convicted three Google executives in criminal court for a display of a video on Google’s website that the executives did not create, upload, or review. The court found Google Privacy Counsel Peter Fleischer, Chief Legal Officer David Drummond, and former Chief Financial Officer George Reyes guilty of violating the Italian privacy code by allowing a disparaging video, showing teenage boys bullying a disabled child. Prosecutors alleged that Google failed to take down the video months after the company began receiving complaints, but Google claims it took the video down as soon as it received notice. The decision raises questions regarding free expression and the liability of executives for the content posted on their website. Google executives intend to appeal the decision.

Google’s privacy challenges are not confined to Italy; it has also faced challenges in the United States resulting from the introduction of its new social network, Buzz. A Harvard law student has filed a class action lawsuit against Google, alleging breaches of the Federal Electronic Communications Privacy Act, the Federal Computer Fraud and Abuse Act and the Federal stored Communications Act, due to privacy practices of Google’s network. In the lawsuit, the complainants allege that Google introduced Buzz into the Gmail accounts of Google users that did not request the service, automatically created networks from Gmail contacts, and allowed private information to be published. The lawsuit came on the heels of an FTC complaint filed by the Electronic Privacy Information Center about Google Buzz.

HHS Focuses on Privacy: On February 16, 2010, the Department of Health and Human Services named Joy Pritts, assistant professor at Georgetown University’s Health Policy Institute, as its chief privacy officer- a new position at HHS. As chief privacy officer, Pritts will advise Dr. David Blumenthal, the national coordinator for health IT, on forming policies on privacy, security and data stewardship of electronic health information. The HHS Office for Civil Rights launched a website listing entities that have reported large breaches of health information.

Massachusetts Data Protection Laws Take Effect: On March 1, 2010, stringent data protection laws went into effect in Massachusetts. The new rules require any company that holds the personal information of Massachusetts residents (whether as consumers or employees) to create and implement a comprehensive information security program.

Facebook Beacon Privacy Suit- Decision Delayed: U.S. District Court Judge Richard Seeborg postponed a decision on whether to approve the proposed $9.5 million settlement agreement proposed in the Facebook Beacon targeted advertising class action. Under the terms of the agreement, Facebook would be required to shut Beacon down permanently and contribute $6 million to a new privacy foundation. The Beacon program, launched in November 2007, published information about users purchasers at specific retailers. Several petitioners, including consumer advocacy groups, have asked Seeborg to reject the settlement, because, as it is written, Facebook would have some control over the new privacy foundation, and because it only provides monetary damages to the 19 Facebook members who initially brought suit.

FTC Fines Tenant Screener for Renter File Access and Remediation Delays: On February 9, 2010, the FTC fined First Advantage SafeRent, Inc., a company that compiles reports for landlords on prospective tenants, including history of evictions, lease and payment information, and criminal background checks, for failing to allow renters proper access to their files and to contest disputed information as required by the Fair Credit Reporting Act. The FTC alleged that SafeRent violated provisions of the Fair Credit Reporting Act and engaged in unfair and deceptive practices in contravention of the FTC Act by failing to respond to requests by consumers in a timely manner. SafeRent allegedly advised consumers that faxed their requests that they would have to be mailed instead. The FTC said this practice contravenes the FCRA and could cause tenants to lose out on rental property opportunities.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.