BLOGS: Privacy and Data Protection

Friday, January 15, 2010, 11:58 AM

Privacy Bulletin: Issue No. 33

In the News

Data Privacy Day—January 28, 2010: Data Privacy Day is designed to raise awareness of the importance of respecting the dignity of individuals expressed through personal information. Various privacy advocacy groups, academics, and government leaders from around the world have planned events to educate the public about various privacy issues. For more information about Data Privacy Day and events in your area, please visit

New York Public Sector Social Security Law Takes Effect: As of January 1, 2010, public employers in New York State may no longer publicly display, use, or communicate their employee’s social security numbers. Nor may they encode or embed social security numbers in or on a card or document in place of removal or store social security numbers in unrestricted areas. The law took effect for privacy sector employers on January 3, 2009 and imposes civil penalties up to $500 for knowing violation of the statute.

Connecticut AG Sues for HIPAA Violation: On January 13, 2010, Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net of Connecticut for its alleged failure to secure the personal health information of approximately 446,000 patients prior to a security breach and its failure to timely notify affected patients in violation of the Health Insurance Portability and Accountability Act (HIPAA). This is the first action taken by a state attorney general involving HIPAA violations since the Health Information Technology for Economic and Clinical Health Act (HITECH) took effect, authorizing state attorney generals to enforce HIPAA.

FTC Seeks Comment on Revised COPPA Guidelines: On January 6, 2010, the Federal Trade Commission (FTC) announced that it is seeking public comment on proposed guidelines that will assist web operators to comply with the Children’s Online Privacy Protection Act (COPPA), which requires parental notification and consent before collecting personal information from children under the age of thirteen. The proposed rules were submitted by the non-profit, iSAFE, Inc., in an attempt at industry self-regulation under the COPPA safe harbor. The comment period will last for 45 days and comments may be viewed here.

FCC Seeks Comment on Privacy Concerns in Broadband Deployment: On January 13, 2010, the Federal Communications Commission (FCC) released a Public Notice announcing an opportunity for interested parties to comment on limited privacy issues associated with broadband adoption and deployment. The FCC initially sought general comment on these issues as part of its larger National Broadband Plan proceeding (GN Docket No. 09-51). On January 11, 2010, the Center for Democracy and Technology (“CDT”) requested that the FCC tailor its focus to certain privacy issues. Per CDT’s request, the FCC now solicits narrow comment in the following four areas: (1) meeting consumer expectations of privacy; (2) building privacy by design; (3) creation and use of transactional data; and (4) third party applications. Comments are due January 22, 2010.

Israel and Andorra receive Adequacy Status from EU: On January 12, 2010, the European Union Working Party released two opinions adopted in December 2009 finding that Israel and Andorra offer an adequate level of data protection for the purposes provided for within Article 25.6 of the EU Data Directive (Directive 95/46/EC). Only six others have previously acquired this status: Argentina, Canada, Switzerland, the Bailiwick of Guernsey, the Bailiwick of Jersey and the Isle of Man.

Maine Legislature Introduces New Marketing to Minors Law: The Maine Legislature introduced a new bill, L.D. 1677, that would prohibit the collection and use of personal information of children ages 13-17 online for purposes of pharmaceutical marketing. This bill would repeal the highly criticized LD 1883, which took effect in July 2009 but was never enforced due to concerns that it is unconstitutional. LD 1677 differs from its predecessor in that it only applies to the marketing of pharmaceutical products and it gives the attorney general the power to adopt rules to determine its scope.

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.

Tuesday, January 12, 2010, 11:19 AM

Value-Focused, Innovative Approach to Large-Scale Litigation Document Review Project

Following a large-scale data security breach, the legal department at Heartland Payment Systems had to determine how to best respond to two separate government agency investigations as well as various commercial and consumer litigation cases. In addition to defending against the claims, company officials also had to contend with potentially astronomical costs for document production.

Read the case study...


back to top