Insights on Privacy Compliance

The Federal Trade Commission recently issued warning letters to companies whose mobile applications contain cutting-edge software that can monitor consumers’ television viewing habits.

On April 13, 2016, the Article 29 Working Party released its opinion on the EU-US Privacy Shield.

Following a settlement, ASUSTeK must maintain a comprehensive security program and endure 20 years of independent audits. The onus is on technology companies to ensure reasonable security measures and practices.

More details are still to come regarding the potential replacement to the invalidated Safe Harbor data transfer mechanism, the EU-US Privacy Shield.

This morning, the European Commission and US Department of Commerce agreed on a Safe Harbor replacement deal, rebranded as the EU-US Privacy Shield.

The EU Commission, Parliament, and Council of Ministers recently reached an agreement on the General Data Protection Regulation (GDPR).

Multinational businesses and EU member states are currently making ad hoc decisions to regulate data transfer to the US. To address the chaos, several EU data protection authorities have issued new guidance.

Banks are a key target for hackers, and finance hub New York aims to set first state regulations in this space. While the cyber regulatory landscape continues to shift, companies should constantly analyze and update security measures as compliance does not guarantee security.

On March 19, 2015, a Minnesota federal judge granted preliminary approval of Target Corporation’s (Target) proposed $10 million settlement of a class action lawsuit, which arose out of a 2013 data breach that compromised personal information of roughly 110 million of Target’s customers.

TRUSTe, Inc., a major provider of privacy certifications for online businesses, recently settled with the Federal Trade Commission (FTC) over charges that it has been engaging in deceptive business practices.

European Data Protection Authorities (DPAs) — the entities responsible for enforcing the European Union (EU) Data Directive and the EU Cookie Directive — are taking part in what is being referred to as “Cookie Sweep Day.”

Recent revisions to Federal Trade Commission (FTC) compliance materials offer new clarity on the Children’s Online Privacy Protection Act (COPPA) Rule and provide businesses with several new tools to consider as they determine how to comply with the Rule’s requirements.

The Federal Trade Commission (FTC) recently won a significant victory in federal court in its ongoing efforts to hold businesses accountable for their data security practices.

In a case against LabMD, a judge ruled that the FTC must disclose the internal standards it uses to determine whether a company maintains adequate data security.

According to the US District Court for the Northern District of California, Google’s co-mingling of the personal identification information (PII) it collects from users across multiple product platforms does not create an injury sufficient to grant standing to sue in federal court.

With the proliferation of smart phones and other mobile devices, it has never been easier for brands and marketers to collect data about the habits and desires of their customers.

Already one of the strictest states in the country when it comes to protecting online privacy, California recently passed another law that may require website operators to change their privacy policies.

Beginning January 1, 2014, websites and online service operators that collect consumers’ personally identifiable information will likely be forced to update their privacy policies to comply with a new law in California.