Tuesday, May 4, 2010, 3:05 PM

Privacy Bulletin: Issue No. 38

In the News
Boucher Introduces Privacy Legislation Discussion Draft:
On May 3, 2010, Chairman Boucher released his long awaited draft legislation on internet privacy. As drafted, the bill uses a combined opt-in/opt-out approach for the collection of personal information used for targeted marketing and advertising. Of note, the bill requires users to OPT-OUT of information collection for information that is not considered sensitive. For sensitive information (defined to include medical, racial, religious, sexual orientation, financial, or geolocational in nature) users would be required to opt IN for its collection. Violations of the Act would be treated as unfair and deceptive acts or practices of current regulations. In addition, while State Attorneys General could file their own suits, advanced of those suits would have to wait until all federal suits were completed. Lastly, the bill would pre-empt all current State and local laws and would not provide for any private right of action.

FTC Will Host Roundtable Addressing the Need for Changes the COPPA Rule: On June 2, 2010, the FTC will host a roundtable entitled “Protecting Kids’ Privacy Online: Reviewing the COPPA Rule” to discuss whether the Children’s Online Privacy Protection Rule should be updated to address recent advances in technology, including the prevalence of smart phones and other nontraditional devices to access the Internet. Topics include those listed in the FTC’s March 24, 2010, request for comments on the COPPA rule: implications for COPPA enforcement raised by interactive media; the use of automated filtering systems to review information posted on the internet by children; if COPPA’s definition of “personal information” should be expanded to include information like persistent IP addresses; if the list of technological methods to obtain verifiable parental consent in COPPA should be modified; if parents are exercising their right to review or delete personal information collected from their children; the efficacy of COPPA’s process for FTC approval of self-regulatory guidelines; and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way. The roundtable will be held at the FTC Conference Center at 601 New Jersey Avenue NW in Washington, D.C.

Amazon Sues to Protect Its Customers’ Privacy: On April 19, 2010, Amazon.com brought a lawsuit in federal court challenging a North Carolina Department of Revenue’s demand for information regarding Amazon’s customers. According to Amazon, the Department sought personal information, including names, addresses, and buying history of Amazon customers. The Department sought the requested information as part of an audit to determine Amazon’s compliance with state sales and use tax laws. The case is pending.

Dept. of Commerce Issues Notice of Inquiry on Information Privacy and Innovation: On April 20, 2010, the Department of Commerce (“DOC”) launched a wide-sweeping, holistic review to determine the impact of U.S. and foreign privacy laws on innovation in the Internet economy. The DOC has created an Internet Policy Task Force to identify leading public policy and operational challenges in the Internet. The Notice of Inquiry sought comment on numerous issues involving national and international privacy laws, jurisdictional conflicts, and the role of the Task Force in helping to increase innovation and consumer trust in the information economy. Comments are due June 7, 2010. For additional information, please see our advisory.

Supreme Court Hears Oral Arguments in Two Key Privacy Cases: On April 19, 2010, the U.S. Supreme Court heard arguments in City of Ontario v. Quon (08-1332), in which city employees alleged that their employer, the Ontario, California police department, violated their privacy by reading personal text messages they sent on their employer-issued mobile phones. The 9th Circuit Court of Appeals ruled in June 2008 that the officers had a reasonable expectation of privacy in their text messages. Justice Stephen Breyer stated that he saw nothing unreasonable about the police department monitoring its employees’ text messages, in light of a written policy warning employees that they have no guarantee of privacy in using office computers and other electronics, suggesting that at least one member of the Supreme Court might be inclined to overturn the lower court’s decision.

The Court recently heard arguments in another important privacy case, Doe v. Reed, which addresses First Amendment implications surrounding public disclosure of signatures on referendum petitions. Last October, Protect Marriage Washington began a petition drive in support of Referendum 71, which would repeal a 2009 referendum that expanded the rights of registered domestic partners. When the petitions were submitted to the state for verification, supporters of the domestic partners rights law sought access to the names and addresses of the signers. Supporters of Referendum 71 sought to bar disclosure of this information on the theory that identification of the signers would violate their First Amendment right to privacy in political speech and association, and the Court stepped in to block the release of the information pending a decision in this case.

State and Federal Legislation
Senate Dems Introduce Anti-Video Surveillance Bill Following High School Webcam Backlash: Arlen Specter (D-Pa.), Russ Feingold (D-Wis.), and Ted Kaufman (D-Del.) introduced a bill in the Senate on April 16, 2010, that would update Title III of the Omnibus Crime Control and Safe Streets Act, known as the “Wiretap Act,” to explicitly outlaw video-based surveillance. The “Surreptitious Video Surveillance Act” would amend the federal Wiretap Act to treat video surveillance (defined as “the intentional recording of visual images of an individual in an area of a residence that is not readily observable from a public location and in which the individual has a reasonable expectation of privacy”) the same as an interception of an electronic communication. The move is in response to the discovery by parents of a high-school student in Philadelphia that their child was unknowingly videotaped on a webcam on a school-issued computer.

California Senate Passes Stricter Breach Notification Laws: The California Senate has passed a bill that would require more detailed notifications of breaches. California was the first state to require organizations maintaining residents’ personal information to notify customers of breaches. If the bill passes, the breach notification letters mandated by California will be required to contain more detailed information including the type of personal information exposed, a description of the incident, and advice to consumers about how to protect themselves from identity theft. Organizations covered under the bill would also be required to notify the California attorney general’s office if 500 or more California residents were affected by the breach. The same bill was proposed in the California Senate last year but was vetoed by Governor Arnold Schwarzenegger.

California Senate Moves to Prohibit Posts with Personal Information of Children on Social Networking Sites: On April 22, 2010, the California Senate passed another privacy bill – one aimed at protecting children on social networking sites. The bill, written by Ellen Corbett (D- San Leandro) would prevent social networking sites from posting the telephone number or home address of a user who identifies himself or herself as being under the age of 18 years old. If the measure becomes law, social networking sites that knowingly violate the provision will face a civil penalty of up to $10,000 per violation. Critics of the measure claim that, because the bill relies entirely on self-reporting of age by users, it may not be effective at protecting children online.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.

0 Comments:

Post a Comment

<< Home

back to top