Leveraging Knowledge to Manage Your Data Risks
Last week, the Federal Trade Commission (FTC) issued a six-step compliance plan to assist businesses with compliance with the Children’s Online Privacy Protection Act (COPPA). It provides clarity on who is covered by and must comply with COPPA and how companies can get parental consent. It also outlines a six-step compliance plan.
New companies…
On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its…
On February 27, 2017, news reports disclosed a major security breach involving Spiral Toys, the seller of the CloudPets brand of internet-connected stuffed animals. The Bluetooth-connected CloudPets toys allow users to exchange voice messages between the toys and applications on smartphones or tablets. An investigation by cybersecurity researcher Troy Hunt revealed that customer data for over 800,000 registered accounts, including over two million voice recordings, was stored in an unprotected database on the public internet. While the company has denied that any voice recordings were stolen, reports indicate that hackers accessed the open database and attempted to ransom the data.
Continue Reading Data Breach Involving CloudPets “Smart” Toys Raises Internet-of-Things Security Concerns
In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws.
The toys at issue provide children with an interactive experience via…
On December 6, 2016, The Electronic Privacy Information Center, The Campaign for a Commercial Free Childhood, The Center for Digital Democracy and Consumers Union filed a Complaint and Request for Investigation, Injunction and Other Relief (Complaint) with the Federal Trade Commission (FTC) against Genesis Toys (Genesis) and Nuance Communications (Nuance) regarding alleged violations of the…
On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” to provide guidance on the application of the Family Educational Rights and Privacy Act (FERPA) to the disclosure of student medical records in the context of litigation.
FERPA generally prohibits a school from disclosing personally identifiable information from a student’s education…
On May 13, 2016, the Department of Justice and the Department of Education issued a “Dear Colleague Letter” (DCL) describing reasonable steps to protect transgender students under Title IX of the Educational Amendments of 1972 (Title IX) as well as the Family Educational Rights and Privacy Act (FERPA).
Title IX prohibits discrimination on…
If the Hello Barbie complaints weren’t enough, now it has been announced that researchers determined that the kids’ toys, the Fisher-Price Smart Toy Bear and the hereO GPS watch, had some serious security vulnerabilities. The Smart Toy Bear’s backend programming used unsecured application programming interfaces (APIs) to allow portions of software code to interact. Sounds…
We wrote previously about the “Hell No Barbie Campaign” and the recent lawsuit against Mattel for its Hello Barbie doll privacy violations, but through all this hype, we have yet to learn exactly what Hello Barbie is truly capable of. In a new report, Hello Barbie isn’t so bright. First, in order for…
It seems that 2016 will mean MORE child identity theft. Why? Because with the increased amount of data collection from children and young adults at schools, health care facilities, retailers, and by advertising companies, hackers can gain access to centralized data systems with a plethora of high-value information from children. However, perhaps 2016 is also…
