Late last week Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011, S.1535, that if ultimately passed would levy significant penalties for identify theft and other "violations of data privacy and security," criminalize as felonies the installation of software that collects "sensitive" PII without clear and conspicuous notice and consent, and specifies requirements that companies collecting or storing the online data of more than 10,000 individuals adhere to data storage guidelines, including auditing the information security practices of contractors and third party business entities. Penalties include up to $10,000 per violation per day up to a maximum of $20,000,000 per violation per individual.
Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that new regulations and orders introduced by Israel's Ministers Committee for Biometric Applications set the ground for a two-year biometric IDs issuance trial period. The Ministry of Home Affairs is making final preparations to start issuing the IDs that will contain encoded fingerprints and facial image, and will be stored in a national database. A campaign led by privacy activists against the controversial biometric database has failed to yield a positive result so far.
California's infamous SB 1386 (California Civil Code sections 1798.29 and 1798.82) was the very first security breach notification law in the nation in 2002, and nearly every state followed suit. Many states added their own new twists and variations on the theme - new triggers for notification requirements, regulator notice requirements, and content requirements for the notices themselves. Over the years, the California Assembly and Senate have passed numerous bills aimed at amending California's breach notification law to add a regulator notice provision and to require the inclusion of certain content. However, Governor Schwarzenegger vetoed the bills on multiple occasions, at least three times. Earlier this year, State Sen. Joe Simitian (D-Palo Alto) introduced Senate Bill 24, again attempting to enact such changes. Yesterday, August 31, 2011, Governor Brown signed SB 24 into law.
It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country's data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.
On August 18, 2011, the Associate General Counsel of the National Labor Relations Board ("NLRB" or the "Board") issued a report analyzing the Board's recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests.
Building on the InfoLawGroup's depth of experience in social networking and social media, Attorneys David Navetta and Richard Santalesa have co-authored a new whitepaper with the ACE Group, a global leader in insurance and reinsurance, entitled Social Media: The Business Benefits May be Enormous, But Can the Risks - Reputational, Legal, Operational - be Mitigated?
Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been needed. The industry received some of that guidance recently through a whitepaper issued by BITS, the technology arm of The Financial Services Roundtable whose members are 100 of the largest financial institutions in the U.S.The report addresses the compliance, legal, operational, and reputational risks - and related mitigation strategies - of using social media in connection with a financial or banking operation. Regarding compliance, the report discusses the myriad of compliance areas relevant to banks, including marketing, privacy and security. For example, because social media web sites and web activities are deemed advertising by regulators, the report warns of the risks of failing to comply with various marketing laws and regulations applicable to the banking industry, including state Unfair and Deceptive Acts or Practices Acts and Prize and Gift Acts, as well as others that require additional steps for financial institutions, such as Truth in Lending, Truth in Savings, and FDIC membership rules. The paper predicts even stronger and more subjective requirements to come under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Risks of non-compliance vary widely - from litigation and reputation risk, regulatory enforcement actions and in some cases civil money penalties.
On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.
Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.
The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.
InfoLawGroup LLP is delighted to welcome to the firm partners Justine Young Gottshall and Jamie Rubin. Gottshall and Rubin are former partners at Wildman, Harrold Allen & Dixon in Chicago. As nationally-recognized leaders in Digital, Media, Advertising, Privacy and Promotions law, they bring new depth to InfoLawGroup's practice.