Recently in Privacy Category

California Issues Recommendations for Privacy Policies

Posted

By

The California Attorney General recently published recommendations for developing meaningful privacy policies that comply with the California Online Privacy Protection Act of 2003 (CalOPPA), including recommendations for complying with "Do Not Track" disclosure requirements.  According to the Attorney General, a meaningful privacy policy is one that addresses significant data collection and use practices, uses plain language, and is presented in a readable format.  While the recommendations are not regulations, mandates, or legal opinions, they do identify certain best practices for privacy policies that satisfy the minimum legal requirements.

Ever Lost -- or Worse Yet, Had Stolen -- a Smart Phone, Laptop, Tablet, Etc.?

Posted

By

MPL pic 2.jpgMany of us have been focused on cyber-security, especially in the wake of the recent data breaches over the holidays, among other things.  Two Maryland Law Enforcement Officers are leveraging the power of social media and the Internet to enable you to "Secure What's Yours."   In 2013, acting on their vision, they introduced an innovative approach to reuniting owners with their tangible personal property that was stolen or is missing, e.g., iPhones, Androids, laptops, iPads, TVs, etc., working with law enforcement officers across the nation.

My Property Locker's database allows its users to register valuables that are serialized or contain identifiable marks, enabling them to add pictures of the items along with a copy of their purchase receipts.  Its Apple and Android apps also allow users to scan product UPC codes as part of the registration process. If an item is stolen or comes up missing, the owner can report the loss to My Property Locker -- according to My Property Locker, in 2011, there were an estimated 9,063,173 property crimes offenses across the nation, totaling an estimated $15.6 billion in losses.  Law enforcement officers across the U.S. are able to register with credential verification and to use the Police Advanced Search function to identify the owners of stolen or missing items.  Law enforcement officers and the property owners are then able to work together to reunite the owner with their stolen or lost property.  And, My Property Locker is free to consumers. 

My Property Locker reports that it has been endorsed by the Maryland Crime Prevention Association and the Virginia Crime Prevention Association.  Additional information about My Property Locker is expected to be available on Officer.com.   

Additional Sources:  YouTube, My Property Locker Tutorial - How to add/remove property; Facebook, My Property Locker; iTunes App Store; Google play Android App

Photo:  Courtesy of My Property Locker, All Rights Reserved

Scammers Continue to Target Customers

Posted

By

Targetbillboard.jpgThere have been numerous reports that West Virginia Attorney General Patrick Morrisey issued a warning to consumers on Monday, January 13, 204, about a Target gift card scam occurring throughout the country on social media websites. Evidently, consumers are purportedly offered a Target gift card to make up for the widely-reported December data breach. This is apparently a scam that directs consumers to fake domains pretending to be Target. Morrisey warns that "[c]onsumers also need to be wary of fake domain names pretending to Target popping up."  He further suggested that "[I]f consumers receive communications or offers appearing to be from Target, they should call Target to confirm the communication is legitimate and report any instances of fraud to our office."

 

Other Sources:  Legal Newsline, W. Va. AG warns of Target gift card scam (Jan. 15, 2014); Register Herald, AG warns Target gift card offer is a scam (Jan. 13, 2014); Charleston Daily Mail, Attorney General says Target gift card offers are scams (Jan. 13, 2014)
Image Source: Creative Commons

Around the Virtual World: October 21-25, 2013

Posted

By

MP900449113.JPG

A weekly wrap up of interesting news about virtual worlds, virtual goods and other social media.



A Senator Raises Privacy Questions About Cross-Device Tracking
Senator Edward J. Markey, Democrat of Massachusetts, said that tracking technologies such as cookies are giving way to more sophisticated methods for monitoring users.

Privacy Compliance: Everything Old is New Again
Privacy regulations are sounding a lot like what compliance officers have had to do since the 2000s for anti-corruption efforts.

Debate Escalates Over Mugshot-Removal Outfits
Google Inc.'s recent programming change, moving people's arrest mugshots much lower in search engine results, makes life harder for companies that charge individuals big bucks to remove their photos.

SoftBank Buys 51% of Finnish Mobile Game Maker for $1.5 Billion
The Japanese telecommunications giant SoftBank agreed to buy a 51 percent stake in the Finnish online game company Supercell for around $1.5 billion.

SEC Proposal Brings Crowdfunded Securities Closer to Reality
The expanded use of crowdfunding as a capital raising tool by start-ups and small businesses is closer to reality with proposed rules the Securities and Exchange Commission approved and put out for public comment.

True Beginnings splits from potential buyer
PlentyofFish Media Inc. has broken off a deal to acquire the assets of True Beginnings LLC's online dating business, citing concerns over the members' privacy.


California Internet Privacy Bill Effective January 1

Posted

By

Last Friday, California's Governor Brown signed into law Assembly Bill 370. AB 370 amends California's Business & Professions Code § 22575 to require an operator of a commercial Internet website or online service that collects personally identifiable information about consumers residing in California who use or visit its website or service to disclose how it responds to "do not track" signals or other mechanisms that provide consumers a choice regarding the collection of PII about the consumer's online activities, and to disclose whether others may collect PII when a consumer uses the operator's website or online service. For additional information, read California Internet Privacy Bill Signed by Governor, Effective Jan. 1.

For more information, read the Client Alert.

New Jersey Officially the Newest State with a Social Media Law

Posted

By

On August 29, 2013, Gov. Chris Christie signed New Jersey's social media privacy law, making New Jersey the twelfth state to enact such laws governing employers.  (Various states have enacted similar laws governing institutions of higher education.) 

Christie's signature ends an approximately year and a half long legislative process:  the bill was first introduced on May 10, 2012.  As discussed in prior posts on this blog (New Jersey Assembly Unanimously Passes Revised Social Media Bill, New Jersey Senate Unanimously Passes Revised Social Media Bill), the bill was conditionally vetoed by Christie in May of 2013, then passed again by the Assembly in May and the Senate in August.

New Jersey should be the last state to enact such a law until the various state legislatures begin their next sessions.  But with 24 states having proposed - but not enacted - social media laws in 2013, more can be expected in the future.

New Jersey Senate Unanimously Passes Revised Social Media Bill

Posted

By

On August 19, 2013, the New Jersey Senate passed - by a vote of 36 to 0 - a revised bill barring employers from seeking access to employees' social media accounts. The bill was previously approved by the New Jersey Assembly on May 20, 2013, as discussed in a prior post on this blog.

A prior version of the bill also passed both houses but was conditionally vetoed by Gov. Chris Christie, who expressed concerns about some of the bill's employee-friendly provisions. Among Christie's recommended changes was the removal of a private cause of action by employees.

The bill now awaits Christie's signature. Though the legislature adopted all of the Governor's recommendations, it remains to be seen whether Christie has additional concerns about the new law.

Mobile Privacy Practices

Posted

By

Jim Gatto, Meighan O'Reardon and James Chang recently published "Mobile Privacy Practices: Recent California developments indicate what's to come" in the June issue of Computer Law Review International.

The use of mobile applications has seen huge growth in the past few years. As the use of apps become increasingly commonplace, social concerns such as the privacy of app users will increasingly need addressing. California is taking the lead in regulating this important issue. For more information, including an overview of mobile privacy, a summary of California's stance on how to address the issue, an overview of the state's principles regarding privacy, its best tips for complying with its principles, and an examination of the privacy related laws outside of California, please read the full article: Mobile Privacy Practices: Recent California developments indicate what's to come.

Washington Governor Signs Social Media Bill Into Law

Posted

By

On May 21, 2013, Washington's governor signed a new law protecting employee social networking accounts.

The new law, which goes into effect on July 28, 2013, prevents employers from requesting, requiring or coercing an employee or applicant to disclose login information for the employee's personal social networking account. Employers also may not ask employees to access such accounts in the employer's presence; add the employer to the employee's contacts; or alter third party access settings. Work-related accounts and devices paid for or supplied by the employer are exempt.

If an employer inadvertently receives login information, it is not liable for possessing the information but may not use it to access the employee's account.

Importantly, employers may still:

  • Comply with the requirements of state or federal law;
  • Conduct investigations to comply with laws against work-related employee misconduct based on receiving information about the employee's activity; and
  • Conduct investigations based on receiving information about the unauthorized transfer of proprietary or confidential information or financial data.

The law creates a private cause of action for employees and applicants. Prevailing plaintiffs may be awarded equitable relief, actual damages, a $500 penalty, and reasonable attorneys' fees and costs. However, a court may also award reasonable expenses and attorneys' fees to a prevailing defendent if the judge determines that the action was frivilous and without reasonable cause.

Washington joins Maryland, Illinois, California, Michigan, Utah, Arkansas, and Colorado in enacting such laws. New Mexico has enacted similar legislation, but it prohibits access only to the accounts of prospective employees.

To read more about this law, see Substitute Senate Bill 5211.

New Jersey Assembly Unanimously Passes Revised Social Media Bill

Posted

By

On May 20, 2013, the New Jersey Assembly passed - by a vote of 77 to 0 - a revised bill barring employers from seeking access to employees' social media accounts.

The bill incorporates changes suggested by Governor Chris Christie, including the elimination of a private cause of action. Instead, the law will be enforced by the New Jersey Commissioner of Labor and Workforce Development. Employers would be subject to a maximum civil penalty of $1,000 for the first violation and $2,500 for each subsequent violation.

Under the proposed law, employers may not request or require a current or prospective employee to provide a user name, password, or any other form of access to a personal social networking account. The law applies only to purely personal accounts; the law does not apply to accounts used for business purposes or policies regarding employer-issued devices.

The revised bill now awaits passage by the state Senate, where the prior version of the bill passed with a vote of 38-0.

For more information, please read the Social Media Privacy Bill.

California Moves One Step Closer to Passing Privacy Bill Requiring a Search Warrant for Providers' Customers' Emails

Posted

By

In a 33-1 vote, on May 13, the state Senate approved Senator Mark Leno's bill that would require state law enforcement officials to obtain a search warrant before asking service providers to disclose the contents of their customers' emails. This approval came after Senator Leno agreed to allow for an exemption to the warrant requirement if evidence is at risk of being destroyed or if the individual consents to law enforcement reading his or her emails. Senator Leno, at the hearing, argued that "What this bill will do is one consistent, clear, clean, reasonable policy, which says before any of our emails can be accessed by law enforcement, a warrant will be needed." S.B. 467 will now head to the California Assembly for review.

For more information, read S.B. 467.

Senate Bill 467 Introduced

Posted

By

California Senator Mark Leno recently introduced Senate Bill 467, a bill that would declare the intent of the Legislature to enact legislation prohibiting a government entity from obtaining the contents of a  wire or electronic communication from a provider of electronic communication service or remote computing service. California Penal Code § 1524 authorizes a court or magistrate to issue a warrant for the search of a place and the seizure of property or things identified in the warrant where there is probable cause to believe that specified grounds exist, and also provides for a warrant procedure for the acquisition of stored communications in the possession of a provider of electronic communication service or remote computing service. Specifically, a search warrant may be issued pursuant to Subsection (a)(7) "[w]hen a provider of electronic communication service or remote computing service has records or evidence, as specified in Section 1524.3, showing that property was stolen or embezzled constituting a misdemeanor, or that property or things are in the possession of any person with the intent to use them as a means of committing a misdemeanor public offense, or in the possession of another to whom he or she may have delivered them for the purpose of concealing them or preventing their discovery." If a search warrant is granted, Section 1524.3 requires the disclosure of the name, address, local and long distance telephone toll billing records, telephone number or other subscriber number or identity, and length of service of a subscriber to or customer of the services, and the types of services the subscriber or customer utilized. Under existing law, a governmental entity receiving subscriber records or information under this Section 1524.3 is not required to provide notice to a subscriber or customer.  S.B. 467 has been referred to the Committee on Rules for assignment.

To read a copy of the S.B. 467, see the Senate Bill.

2013 Albrecht Report confirms Major Changes in EU Data Laws - Are You Ready

Posted

By

IAPP.JPGWhy do you need to act urgently even if you feel your data handling is compliant?

If you are a US headquartered company do you need to bother with these new EU laws and significant changes proposed?

2013 has already seen the frenetic pace of change from last year continue regarding new data laws and fines that will affect how all companies, regardless of business sector, use employee or customer data. The European Union, confirmed in the January 2013 Albrecht report, is indeed planning to dramatically amend its EU Data Protection Directive with a new Regulation.

This will tackle recent developments in social media, mobile apps and cloud computing as well as deal with a perceived serious lack of compliance thus far, particularly over use of customer data, lack of proper consents and more invasive marketing and advertising.

Some were hoping that after much discussion and lobbying some of the more serious proposals might be further watered down or deleted, such as the "nuclear" 2% of global turnover/revenue fine for serious breaches of EU data law. However, the recent report from the EU Parliament's Jan Philipp Albrecht confirms the perceived need for even tougher fine levels and more aggressive enforcement. This is all on top of recent changes which saw fines dramatically increased in a number of EU countries, for example in the UK with new powers to issue fines of up to £500,000 (approx $800,000) per breach, and increased fine levels being pursued in France, Spain and so on. These major fines are not theoretical or proposals. They have already come into force and are being used. The "nuclear" option will be in addition.

Other hopes from some in industry that new proposed rights such as that "to be forgotten" might fade away were also dashed. Businesses will have to consider seriously what the impact will be of such changes and also note that such proposals have also highlighted existing requirements, such as not holding onto data for longer than necessary, which are already law and which enforcers are looking to more closely. This, along with the new Binding Corporate Rules (BCRs) for data processors that took effect on 1 January 2013, are just some of the recent changes with respect to privacy in the EU that need immediate attention and consideration even if the business is not EU based.

This week many stakeholders are meeting in Washington DC to take part in a major conference (as is your author) on such issues and it will be interesting to see if the feedback from industry sessions makes its way into deliberations and further fine tuning of the proposed new Regulation. Some further twists and turns are likely but the core new elements will almost certainly not be going away. What is certain is that companies cannot assume they are fully on top of what is arguably the fastest moving area of the law currently. A review of where the business is now and identification of what needs addressing is without doubt a current business imperative.

For an overview of some of the recent changes click here to see a recent Legal Week article.

This blog was originally posted in Pillsbury's SourcingSpeak blog.

Around the Virtual World - February 4-15, 2013

Posted

By

MP900449113.JPG

A weekly wrap up of interesting news about virtual worlds, virtual goods and other social media.

 

 

Path Inc. to Settle Charges Over Collecting Kids' Data
Path Inc., a maker of a popular social networking app, agreed to an $800,000 settlement with the Federal Trade Commission over charges it collected children's personal information without their parents' consent, regulators said Friday.

Feds Urge App Makers, Mobile Operating Systems to Do Better On Privacy
The Federal Trade Commission on Friday issued a list of recommendations of how those who make mobile software can do a better job of protecting user's privacy and making clear what information is being collected.

What the Proposed Apps Act Would Mean for App Developers
Mobile applications have been the subject of a lot of recent attention during the past several months. Back in the fall of 2012, California Attorney General Kamala Harris warned app developers of the need to disclose their privacy practices in order to comply with California's Online Privacy Protection Act and shortly thereafter commenced an action against Delta Airlines for its failure to have displayed a privacy policy on its app.

Fed. Circ. Aims For Clear Rules On Software Patents
A case set for oral arguments before the full Federal Circuit on Friday has the potential to provide much-needed clarity on when inventions implemented using a computer are eligible for a patent, attorneys said.

Brazil: The Social Media Capital of the Universe
Brazil's expanding middle class is increasingly growing online, and social media are particularly popular because of Brazil's hyper-social culture, social-media executives say.

Is Online Gambling Legal If Bitcoins, Not Dollars, Are At Stake?
With no government ties, Bitcoin is used to buy everything from blogging services to Brooklyn-made cupcakes. Theoretically, millions of dollars are being kept in the digital currency, and it's increasingly being used by specialized online gambling websites. But is Bitcoin gambling legal?

 

President Signs Video Privacy Protection Act Amendments Act of 2012

Posted

By

On January 10, 2013, the President signed the Video Privacy Protection Act Amendments Act of 2012 into law. The 2013 Act amends the Video Privacy Protection Act of 1988 (18 USC 2710), which prohibited the sharing or disclosure of video rental history. 

aj-simple-vhs-tape-clip-art.jpgThe 1988 Act was prompted due to the release of then Supreme Court nominee Robert Bork's video rental history. Although there was nothing illicit in Bork's video rentals, Congress noted the ease with which the information was located and disclosed. 

The 1988 Act did not allow for the customer to consent in advance to the disclosure of rental history, rather, informed, written consent had to be obtained each and every time "at the time" of the disclosure.

The New Act now allows sharing of video rental history as long as informed, written consent is received from the customer, including by electronic means such as over the Internet. Notably, this consent must be in a "distinct and separate" form from any other legal or financial obligations. The consent may be given in advance and for a period of up to 2 years, or until it is withdrawn from the consumer.

The enforcement provisions of the 1988 Act remain in full force. Thus, any failure to properly follow the new informed consent requirements could lead to statutory damages of not less than $2,500 per person, attorneys' fees and costs, punitive damages, and equitable relief.