FCC Dives into Privacy and Data Security Enforcement

By Ted Serra & Victoria Jeffries on February 15, 2015

Posted in Cybersecurity, Privacy, Regulatory

Making a splash with its first-ever data security enforcement actions, the Federal Communications Commission (FCC) entered uncharted waters late last year by aggressively asserting its role in safeguarding consumer information. In the fall of 2014, for the first time, the FCC took administrative enforcement action in two instances against telecommunications carriers that misused data, misrepresented their data security efforts, and failed to appropriately secure customer data. The FCC’s efforts demonstrate that it believes it has a role to play in the wider privacy landscape, even as the Federal Trade Commission (FTC) has thus far taken the lead on privacy and data security enforcement.¹
Continue Reading FCC Dives into Privacy and Data Security Enforcement

Consumer Financial Protection Bureau Issues Final Rule Regarding Online Annual Consumer Privacy Notices

By Jonathan Adams on February 15, 2015

Posted in Regulatory

The Consumer Financial Protection Bureau (CFPB) recently adopted the Privacy Notice Rule, a final rule that permits the financial institutions it regulates the option to post annual consumer privacy notices online, rather than mailing paper copies to customers, under certain conditions.¹

The Privacy Notice Rule is the latest instance of regulatory relief provided to financial institutions by the CFPB. The new rule, which follows on the heels of other streamlining rulemakings by the CFPB, aims to reduce unnecessary or unduly burdensome regulatory requirements in the financial sector: the CFPB estimates that, as a result of the rule, financial institutions’ compliance expenses will decrease by approximately $17 million annually.²
Continue Reading Consumer Financial Protection Bureau Issues Final Rule Regarding Online Annual Consumer Privacy Notices

COPPA Looms Large for Mobile Apps

By Tracy Shapiro & Sonal Mittal Tolman on February 15, 2015

Posted in Privacy, Regulatory

The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider COPPA when developing and testing mobile apps can have serious consequences.
Continue Reading COPPA Looms Large for Mobile Apps

Better Business Bureau Keeps Promise of Vigorous Enforcement of Online Interest-Based Advertising Accountability Program

By Lydia Parnes & Tonia Klausner on February 15, 2015

Posted in Privacy, Regulatory

Online interest-based advertising, sometimes called behavioral advertising, is big business. Advertisers—and the technology companies that make this business possible—use information collected from a particular computer or device, over time and across others’ websites, to predict preferences and target and display advertising that is most likely to interest the user.

With encouragement from the Federal Trade Commission,¹ online advertising industry organizations adopted a set of “Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles),”² which apply to members of those organizations: the ad networks, advertising agencies, service providers, and web publishers that engage in or facilitate the collection of online user data across websites for purposes of interest-based advertising. The Better Business Bureau (BBB) enforces the OBA Principles through its Online Interest-Based Advertising Accountability Program (Accountability Program). Recent action by the BBB reflects its commitment to vigorously enforce the OBA Principles.
Continue Reading Better Business Bureau Keeps Promise of Vigorous Enforcement of Online Interest-Based Advertising Accountability Program

EU Data Protection Regulators Issue Guidance on the Internet of Things and Device Fingerprinting

By Cédric Burton & Laura De Boel on February 15, 2015

Posted in European Union, Privacy

ThinkstockPhotos-149480786-web The European data protection regulators, the Article 29 Working Party (WP29), recently issued two guidance papers which clarify the data protection legal framework applicable to the Internet of Things (IoT) and to the use of device fingerprinting. Both opinions underline WP29’s current focus on data-driven innovations. This article highlights the key takeaways from these two opinions.
Continue Reading EU Data Protection Regulators Issue Guidance on the Internet of Things and Device Fingerprinting

California Amends Data Breach Notification Law and State Attorney General’s Data Breach Report May Lead to More Changes

By Wendell Bartnick & Joseph Molosky on February 15, 2015

Posted in Cybersecurity

Prompted by data breaches affecting large retailers in the United States, the California legislature recently passed Assembly Bill 1710 (A.B. 1710) to update the state’s breach notification law to require breached entities to provide free credit monitoring services to affected individuals following certain types of data breaches. This change, effective January 1, 2015, was recommended by the California Attorney General’s Office in its 2013 Data Breach Report. The Attorney General’s Office recently published its 2014 Data Breach Report, and its recommendations provide insight into the office’s enforcement priorities. The recommendations may also find their way into California law.
Continue Reading California Amends Data Breach Notification Law and State Attorney General’s Data Breach Report May Lead to More Changes

The Data Advisor