Emerging Issues Law Community Cyber Risk and Privacy

California AG Advocates 'Surprise Minimization' to Protect Mobile Device Consumers from Unexpected Privacy Practices

FC-RealEstate@placeholder.com (LexisNexis Emerging Issues Law Community Staff) — Fri, 12 Apr 2013 11:43:00 -0400

Hailing her state as the "epicenter of modern innovation," California Attorney General Kamala D. Harris has issued recommendations for app developers and providers, advertising networks and others as part of an effort to give consumers "meaningful information" about privacy choices on mobile devices. And while the AG has presented these as mere guidelines, attorneys say they are an indicator of things to come.

Among these recommendations is "surprise minimization," designed to avoid catching consumers off guard with data collection practices they may not have expected

Keller and Heckman LLP: Revamping Kids Privacy: FTC Finalizes COPPA Rule Changes

Keller.Heckman@placeholder.com (Keller and Heckman LLP) — Fri, 25 Jan 2013 11:36:00 -0400

By Sheila Millar, Tracy Marshall, and Crystal Skelton

Excerpt:

On December 19, 2012, the Federal Trade Commission ("FTC" or "Commission") issued final rule amendments concluding its review of the Children's Online Privacy Protection Act ("COPPA") Rule ("final COPPA Rule"). The FTC's review of the COPPA Rule began with a request for public comment in April, 2010, followed by a public roundtable. The FTC subsequently released initial proposed revisions to the COPPA Rule on September 15, 2011 through a Notice of Proposed Rulemaking ("2011 NOPR"), and additional revisions on August 6, 2012 through a Supplemental Notice

California AB 1844: Limiting Employers' Access to Employees' Social Media

FC-RealEstate@placeholder.com (LexisNexis Emerging Issues Law Community Staff) — Wed, 12 Dec 2012 13:42:00 -0400

Whether you "like" it or not, social media is changing the legal landscape of employee privacy rights at a rapid pace. On September 27, 2012, California Gov. Jerry Brown signed into law AB 1844, which prohibits employers from requiring (or requesting) employees or applicants to divulge their social media log-on information. This article will address the evolving area of employee privacy law in California, and the impact of AB 1844.

Excerpt:

Using Social Media to Screen Applicants

On October 4, 2012, Facebook announced that it had more than one billion

Free Download: White Paper Explores Insurance Coverage Implications of Social Media

FC-RealEstate@placeholder.com (LexisNexis Emerging Issues Law Community Staff) — Tue, 11 Dec 2012 09:58:00 -0400

With social media pervading most aspects of society and business, are you up to date on the changes that it brings to the insurance industry? Download a complimentary white paper covering insurance implications of social media.

Social media presents a whole new set of exposures and liabilities that can cause significant damage to a company.

The majority of potential liabilities that companies face from social media fall into three categories: Privacy and Network Security; Intellectual Property; and Employment Practices.

This white paper will endeavor to explore these three areas of liability and provide insight and guidance to insurance professionals as well as companies

Siemens and Beck on Obtaining Optimal Cyber Insurance

FC-RealEstate@placeholder.com (LexisNexis Emerging Issues Law Community Staff) — Mon, 05 Nov 2012 15:46:00 -0400

By Rene Siemens and David Beck, Attorneys, Pillsbury Winthrop Shaw Pittman LLP

This commentary observes that the rising threat of cyber attacks and data breaches as well as the proliferation of data security and privacy laws have made it more important than ever for organizations that handle sensitive information to insure against data security and privacy losses. The article further points out the most common cause of a data security breach remains the failure of employees

Supreme Court Hears Arguments On Standing To Challenge FISA's Constitutionality

mark.rogers@lexisnexis.com (Mark Rogers) — Tue, 30 Oct 2012 12:34:00 -0400

WASHINGTON, D.C. - (Mealey's) The U.S. Supreme Court on Oct. 29 heard arguments on the ability of a group of respondents to challenge the constitutionality of a law that its opponents characterize as "dragnet surveillance" related to the power that it gives the executive branch of the government to monitor telephone and e-mail communication involving foreign parties (John R. Clapper Jr., et al. v. Amnesty International USA, et al., No. 11-1025, U..S. Sup.).

(Transcript available. Document #24-121115-015T.)

US v Skinner [enhanced version available to lexis.com subscribers] based on GPS location data that the DEA used to follow Skinner who drove around the US in a motorhome filled

Ballard Spahr LLP: Maryland User Name and Password Privacy Protections Take Effect October 1

BallardSpahr@placeholder.com (Ballard Spahr LLP) — Thu, 13 Sep 2012 15:22:00 -0400

By Timothy F. McCormack and Michelle M. McGeogh

Beginning October 1, 2012, employees and job applicants' personal e-mail accounts, Facebook pages, Twitter accounts, Pinterest pages, and similar accounts will gain more protection from Maryland employers.

Under the new law, employers in Maryland will be prohibited from asking or requiring employees or job applicants to disclose user names, passwords, or other means of accessing personal e-mail or social media accounts. Employers also will be prohibited from retaliating against employees or applicants who refuse to provide their personal account information, and from refusing to hire applicants simply because they refuse to disclose their personal user names and passwords.

Peter S. Vogel: Should the Pentagon Defend Non-Military Networks?

Vogel@placeholder.com (Peter S. Vogel) — Thu, 13 Sep 2012 15:10:00 -0400

By Peter S. Vogel

The Secretary of Defense is considering a proposal "that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems." The Washington Post reported that anonymous sources stated:

It would account for changes in technology that will give more flexibility in defending the nation from cyberattack.

Probably this military proposal is a direct result that the 88% of US adults have cell phones. Whether a search warrant will be required for GPS data appears to be changing very quickly.

With the support of the American Civil Liberties Union and the Electronic Frontier Foundation, on August 22, 2012 the California legislature passed the Location Privacy Act which includes

Troutman Sanders LLP: Tips for Negotiating Your Website Development Contract

Troutman.Sanders@placeholder.com (Troutman Sanders) — Fri, 24 Aug 2012 14:30:00 -0400

By Troutman Sanders Tobacco Law Team

Often, the most significant impression a customer has of a company comes from the company's website. An attractive, well-organized and easy to use website is crucial in today's "click and buy" economy. A company's website also can represent a large investment, especially for a small manufacturer or retailer.

The process of creating a website, however, can be time-consuming and filled with unexpected hurdles. For a website development project to be a success, it is important to negotiate an agreement that clearly sets forth the parties' responsibilities and assumptions and addresses how to deal with problems as they arise. Below are a

Troutman Sanders LLP: New Jersey's Gift Card Law Requires Personal Data Collection

Troutman.Sanders@placeholder.com (Troutman Sanders) — Fri, 24 Aug 2012 12:41:00 -0400

We recently wrote about the California law prohibiting retailers from asking for their customers' ZIP codes in credit card purchases. In one of the most striking examples of the fractured, decentralized approach to consumer privacy existing in the U.S., we note that another state, New Jersey, has a law requiring business to collect customers ZIP codes in certain transactions.

New Jersey's controversial gift card law requires gift card issuers to "obtain the name and address of the purchaser or owner of each

Peter S. Vogel: Is Privacy at Risk with Mobile Purchases?

pvogel@gardere.com (Peter S. Vogel) — Thu, 23 Aug 2012 20:18:00 -0400

Privacy is not mentioned in the recent announcements by many large retailers for use of mobile apps for credit and debit card purchases. However, consumers' GPS data linked to mobile devices will likely lead to less privacy.

In early August, 2012 the New York Times reported that Starbucks teamed up with the mobile payment startup Square will begin processing credit and debit card transactions this fall.

Shortly after Starbuck's announcement the

Peter S. Vogel: Cloud Data Storage - How Safe?

Vogel@placeholder.com (Peter S. Vogel) — Fri, 17 Aug 2012 14:13:00 -0400

By Peter S. Vogel

Daily news headlines regularly report lax, or no, security for cloud data. In the past few weeks two very high profile businesses reported cloud breaches - Apple's iCloud and Dropbox. It is no coincidence that my August column for eCommerce Times is entitled "The Cloud Privacy Illusion," which of course I welcome you to review.

The Washington Post reported the Apple

Duane Morris LLP Alert: Illinois Bans Employers from Asking Employees or Applicants to Disclose Social Media Passwords

Duane.Morris@placeholder.com (Duane Morris LLP) — Fri, 17 Aug 2012 14:08:00 -0400

On August 1, 2012, Illinois Governor Pat Quinn signed an amendment to the Illinois Right to Privacy in the Workplace Act (P.A. 097-0875), which prohibits employers from requesting or requiring that employees or job applicants provide the employer with access to the employee's or applicant's social media accounts. The amendment, which goes into effect on January 1, 2013, subjects employers who willfully violate the prohibitions to fines of up to $200 per violation and also allows employees or applicants who allege violations to pursue civil court actions to recover actual damages, attorneys' fees and costs.

Under the new law, Illinois

Peter S. Vogel: Oops - Google Found Street View Wifi Data

Vogel@placeholder.com (Peter S. Vogel) — Mon, 13 Aug 2012 17:22:00 -0400

By Peter S. Vogel

Google confessed to U.K. officials that Google still has Street View unprotected wifi data collected before 2010 in spite claims that such data had been destroyed. On July 27, 2012 Peter Fleischer (Google's global privacy counsel) sent a letter to Steve Eckersley (head of enforcement) at the Information Commissioner's Office (ICO) and admitted the following:

Google has recently confirmed that it still

DLA Piper Data Protection Alert: How Much Has the Cookie Crumbled Across the EU?

DLAPiper@placeholder.com (DLA Piper) — Mon, 13 Aug 2012 17:20:00 -0400

By Paul McCormack

What's new?

Since our publication in March 2012, there has a been a number of updates in relation to the following jurisdictions:

Belgium

Cyprus

Peter S. Vogel

At time when cybersecurity is headline news around the world, partisan politics in the U.S. Senate got in the way of new a cybersecurity bill which was different than a bill passed in the U.S. House last April. The New York Times reported that the most vocal opponent of the new cybersecurity bill was the U.S. Chamber of Commerce who argued that the law would have been too burdensome. The report went on to describe that the bill:

...would have established optional standards for the computer systems that oversee

Peter S. Vogel: Reality Check - Governments Have Easy Access to Data on the Cloud

Vogel@placeholder.com (Peter S. Vogel) — Thu, 09 Aug 2012 13:48:00 -0400

By Peter S. Vogel

Laws around the world allow governments free access to data on the Cloud which may come as a surprise to many, but Mutual Legal Assistance Treaties (MLATs) facilitate cooperation across international boundaries. On May 23, 2012 Hogan Lovells published a White Paper entitled "A Global Reality: Government Access to Data in the Cloud" which includes this summary of conclusions:

On the fundamental

Delaware Workplace Privacy Act Protects Student Facebook Posts' Privacy

mdibianca@ycst.com (Margaret (Molly) DiBianca) — Wed, 08 Aug 2012 16:26:00 -0400

Delaware's Workplace Privacy Act (H.B. 308), died with the end of the legislative session. As readers know from my several prior posts, I won't exactly be mourning the loss. The Bill's companion legislation, H.B. 309, did survive, however, passed by the State Senate during its final session. Although my attention has been focused on H.B. 308, which would have affected all employers operating in the State, H.B. 309 is worthy of discussion, as well.

If signed by Gov. Markell, H.B. 309 will prohibit

Troutman Sanders LLP: Sitton v. Print Direction - Employees and Their Personal Devices

Troutman.Sanders@placeholder.com (Troutman Sanders) — Wed, 08 Aug 2012 15:45:00 -0400

What privacy rights does an employee have to personal devices used in the workplace? In what is almost certain to be one of many cases addressing the scope of those rights, the Georgia Court of Appeals decided the case Sitton v. Print Direction, Inc., 718 S.E.2d 532 (2011) [enhanced version available to lexis.com subscribers], in which an employee claimed that his employer violated his privacy rights by printing e-mails off of the employee's personal laptop.

The facts in the Sitton case do not paint the picture of a sympathetic employee

DLA Piper LLP: How the EU Has Implemented the New Privacy Directive on Cookies

DLAPiper@placeholder.com (DLA Piper) — Wed, 08 Aug 2012 15:43:00 -0400

The European Union's E-Privacy Directive has been in effect since May, and many jurisdictions across the EU are already tackling its implementation.

Belgium, Cyprus, France, Greece, Italy, Malta, The Netherlands and Spain have all taken action regarding the Directive.

Moreover, the Article 29 Working Party recently adopted an opinion addressing the meaning of "cookie consent exemption." This opinion aims to clarify the types of cookies which would fall within the exemption set out under the Directive.

The amended E-Privacy Directive requires the user to consent to the use of cookies. This change requires that consent to the use of cookies must be "opt-in" (rather than "opt-out").

Troutman Sanders LLP: 'Facing' Reality: Facebook Knows What You Look Like

Troutman.Sanders@placeholder.com (Troutman Sanders) — Tue, 07 Aug 2012 21:10:00 -0400

It's a bit odd to think that about whether you have a privacy right in what you look like. But as companies continue to gather enormous amounts of all kinds of data - including faces - and wrestle with whether they can monetize that data, the fear of "Big Brother" continues to spark debate.

A few weeks ago, Facebook purchased face.com, an Israeli company that makes facial recognition technology and has 31 billion face images profiled. Consider this with the fact that Facebook automatically scans all 300 million photos that users upload to the site every day. Though Facebook has been using facial recognition software for approximately two years, this recent acquisition of a company that specializes

Troutman Sanders LLP: Risks Associated With Bring Your Own Device ('BYOD') Policies

Troutman.Sanders@placeholder.com (Troutman Sanders) — Fri, 03 Aug 2012 16:59:00 -0400

Over the past year, more and more employers are letting their employees connect personal smartphones or tablets to the employer's network. Some companies have even stopped supplying their employees with computers; instead, employees bring their own laptops to work (or work remotely from home).

These policies are popular with employees. They no longer have to carry around a work and a personal device. They get to choose the technology they prefer to use. And they are able to get their work done efficiently and from any location. They're also popular with employers, who expect to achieve cost savings by not having to supply their employees with devices, and who are very happy with their employees' increased

Keller and Heckman LLP - U.S. Privacy and Data Security Developments: Impact on Retailers

Keller.Heckman@placeholder.com (Keller and Heckman LLP) — Fri, 03 Aug 2012 16:56:00 -0400

The privacy and data security landscape is rapidly evolving in the U.S. and abroad. The emergence of new technologies and new media for collecting, using, and sharing personal information collected from consumers, and new thinking about privacy best practices, affects a range of businesses. Retailers, however, including food retailers, have been a special target for privacy litigation recently. This summary highlights just a few of the recent developments in this area of special interest to retailers.

1. White House Privacy Report: The White House issued a consumer data privacy report in February that builds on a 2010 Department of Commerce Paper. The core concepts in the report are a "Consumer