Privacy Bulletin: Issue No. 43

In the News
Cybersecurity Legislation Update: Senate Majority Leader Harry Reid (D.-Nev.) said that he is committed to developing comprehensive cyber security legislation in a June 1, 2010, letter to President Obama. Currently, Reid and other senators are working to integrate components of several bills, including the "Protecting Cyberspace as a National Asset Act of 2010” (S. 3480), proposed by Homeland Security Chairman Joseph Lieberman (I.-Conn.) (also a signatory to the June 1, 2010 letter), which was approved by the Senate Homeland Security Committee last month. The letter was also signed by Chairmen of the Homeland Security, Judiciary, Armed Services, Foreign Relations and Intelligence Committees, as well as Chairman of the Committee on Commerce, Science and Transportation John D. Rockefeller, IV (D.-W.V.), co-author of the “Rockefeller-Snowe Cybersecurity Act,” (S. 773), the other main bill under consideration by the senators. The senators said that their committees had already “developed a number of well-considered proposals” to achieve a balance between the need for a secure digital environment and civil rights and free commerce concerns and that they intend to build upon the bills in a piece of comprehensive legislation. Senate Republicans have not been involved in these negotiations.

HHS Proposes Privacy Rights Rule: On July 8, 2010, the U.S. Department of Health and Human Services proposed new healthcare information privacy rules that will bolster the Health Insurance Portability and Accountability Act (“HIPAA”) protections. The new rules would expand individuals’ rights to access information, restrict access of health information to insurers, and broaden HIPAA regulations to apply to a wider demographic, including business associates of doctors and insurers. A comment period on the rules proposal is ongoing and will end September 14, 2010.

Nonprofit Agency Files FTC Privacy Complaint Against Online Data Aggregator Website: The Center for Democracy and Technology (“CDT”) filed a complaint with the Federal Trade Commission against Spokeo.com, (“Spokeo”) a people-search service, alleging that the website violates the Fair Credit Reporting Act (“FCRA”). CDT claims that Spokeo, which offers information on credit ratings and other financial information of millions of U.S. consumers, does not inform consumers of adverse determinations based on that data or give them an opportunity to learn who has accessed their profiles, as required by the FCRA. CDT has asked the FTC to enjoin Spokeo from offering consumer reports until the company is brought into compliance with the FCRA.

Privacy Groups Urge FTC to Draft Privacy Plan: On July 14, 2010, representatives from seventeen consumer privacy advocacy groups wrote a letter encouraging Federal Trade Commission Chairman Jon Leibowitz to draft a comprehensive plan akin to the National Broadband Plan created by the Federal Communications Commission this spring. The FTC already has held several consumer privacy workshops this year, and the groups, which include the ACLU, Consumer Watchdog, and the Electronic Privacy Information Center, asked the FTC to take what was learned in that process to create comprehensive statutory and regulatory solutions to address what they describe as “deficiencies in Americans’ privacy rights.” The groups asked the FTC to 1) create a comprehensive privacy law that enumerates consumer rights to protect their personal information, 2) draft specific regulations to govern information collection by online advertisers, 3) identify new business practices, including location-based targeting and digital signage, that raise possible privacy concerns and address those concerns, and 4) improve transparency at the FTC.

FTC’s Comment Period on COPPA Ends: On July 12, 2010, the FTC’s comment period on its review of the Children's Online Privacy Protection Rule (“COPPA” Rule) ended. Over 70 entities commented, including large telecommunications companies, industry groups and consumer advocacy groups, with companies and industry groups generally pushing for little or no change to the rules while privacy groups advocated for sweeping changes and more rigorous enforcement.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.