Time 2 Minute Read

On October 14, 2009, the Australian government released a report entitled “Enhancing National Privacy Protection” that contains proposed reforms to Australia’s privacy laws, including the Privacy Act 1988 (“Privacy Act”).  In announcing the report, Cabinet Secretary and Special Minister of State Joe Ludwig stated that the reforms aim to “provide for one set of streamlined Privacy Principles for Australian Government agencies and private sector organizations which will provide greater clarity and cut red tape.”  The report comprises the first stage of a two-stage response to a report issued by the Australian Law Reform Commission (“ALRC”) in 2008 that contained 295 recommendations to revise Australian privacy laws and practices.

Time 3 Minute Read

On October 5, 2009, the Federal Trade Commission (“FTC”) issued amendments to its Guides for the Use of Endorsements and Testimonials in Advertising (“Guides”).  Reactions to the amendment have primarily focused on the provisions that require bloggers to disclose their relationship with companies whose products they endorse.  Largely absent from the commentary, however, have been observations regarding theories articulated in the amendments that demonstrate the risk of enforcement for companies that do not have a blog and that do not use third-party bloggers for promotion.

Time 2 Minute Read

The new UK Information Commissioner, Christopher Graham, shared his vision for data protection regulation at his first conference speech in London yesterday.  As the keynote speaker at the 8th Annual Privacy and Data Protection Conference, chaired by Hunton & Williams partner, Bridget Treacy, Christopher Graham positioned himself as a fair, but tough, regulator who will not be afraid to use his strengthened enforcement powers.

Time 1 Minute Read

Lisa J. Sotto, Partner and Chair of Hunton & Williams' Privacy and Information Management practice, discusses the roles individuals, companies, service providers and governments play in helping to create a safer, more trusted Internet.   End to End Trust is Microsoft's broad and all encompassing vision for creating a "safer, more trusted Internet," which is achieved by focusing on three areas: security and privacy fundamentals, technology innovations and social, economic, political and IT alignment.  Microsoft believes these combined elements will help people make better ...

Time 3 Minute Read

On October 6, 2009, the Federal Trade Commission (“FTC”) announced proposed settlement agreements with six companies over charges that they falsely claimed membership in the U.S. Department of Commerce Safe Harbor program.  In six separate complaints, the FTC alleged that ExpatEdge Partners LLC, Onyx Graphics, Inc., Directors Desk LLC, Collectify LLC, and Progressive Gaitways LLC deceived consumers by representing that they maintained current certifications to the Safe Harbor program when such certifications had previously lapsed.  The terms of the proposed settlement agreements prohibit the companies from misrepresenting their membership in any privacy, security or other compliance program.  The six enforcement actions are significant as they mark a considerable uptick in the FTC’s enforcement related to the Safe Harbor program. The FTC recently brought its first enforcement action relevant to the program, which is detailed in our post titled FTC's First Safe Harbor Enforcement Action.

Time 1 Minute Read

Maybe, but it's not that kind of "boxing"...think walls and a lid instead of a ring.  "Boxing is where a consumer’s vision and choices are limited by his or her digital history and the analytics that make judgments based on that digital history."  Government agencies are concerned with outcome-based analytics and its impact on consumer choice.  Read more on "Boxing and Concepts of Harm," written by Marty Abrams of the Centre for Information Policy Leadership, published in the September 2009 issue of Privacy and Data Security Law Journal

Time 1 Minute Read

On October 2, the Council of Europe's Consultative Committee of the Convention 108 on Data Protection ("T-PD") for the first time made publicly available its "Draft Recommendation on the Protection of Individuals with regard to Automatic Processing of Personal Data in the Framework of Profiling."  When it is finalized, the Draft Recommendation will be one of the first documents dealing with online profiling in the private sector issued by an international organization.  The International Chamber of Commerce ("ICC"), which has observer status in the T-PD, has been working to obtain ...

Time 3 Minute Read

The Department of Health and Human Services (“HHS”) has posted to its website a notification form that may be used to report breaches of unsecured protected health information to the agency.  Although some state agencies requiring notice of a breach employ a standard reporting form, the form issued by HHS has several unique features and requests more information than a typical breach reporting form.  Some interesting features of the form include:

  • The form may be used to report both breaches affecting 500 or more individuals, as well as breaches affecting fewer than 500 ...
Time 1 Minute Read

In its announcement that it would convene a series of public roundtables to address developing privacy issues, the Federal Trade Commission requested empirical data on consumer privacy expectations. In response to that request, researchers at the University of California at Berkeley and the University of Pennsylvania have released a study entitled "Americans Reject Tailored Advertising." Survey data reported in the study found that 66% of Americans reject targeted advertising online; 86% reject such ads when told they are made possible through online data collection. The ...

Time 2 Minute Read

On September 23, 2009, the Information Commissioner's Office (the "ICO"), the UK's data protection regulator, issued a press release announcing the approval of the Hyatt Hotels Corporation's binding corporate rules ("BCR") under the new mutual recognition procedure. Hyatt is the first UK applicant to receive approval under the mutual recognition procedure.

Mutual recognition was devised to speed up the process of BCR approval by EU Data Protection Authorities ("DPAs"). Under "mutual recognition," one EU Member State's DPA acts as the lead authority on a company's BCR application. Once approved by the lead authority, the other participating members of the procedure automatically approve the BCR application.

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page