Archives: Data Privacy

Subscribe to Data Privacy RSS Feed

MLB to Use Biometrics to Replace Traditional Ticketing

Traditional tickets (paper, that is) have already been replaced with mobile tickets for many Major League Baseball (MLB) stadiums across the country, but now, MLB has teamed up with CLEAR, which provides biometric authentication, to implement biometric ticketing at select stadiums. CLEAR will allow baseball fans to use their fingerprints, and eventually facial recognition, to … Continue Reading

Virginia Data Breach Law Amended to Include Income Tax Preparers

We have frequently reported about how devastating and widespread tax fraud is in the U.S.—in the past affecting hundreds of thousands of U.S. taxpayers [view related privacy tip]. Income tax preparers are at risk for cyber intrusions because they hold highly sensitive personal information of their clients, which can be used by criminals to commit … Continue Reading

California Enacts “GDPR-Esque” Privacy Law

On June 28, 2018, the California State Legislature passed, and Governor Jerry Brown signed, the California Consumer Privacy Act of 2018, bringing to the United States many of the rights and compliance obligations currently being applied by the European Union through its General Data Protection Regulation (GDPR). Effective January 1, 2020, the Act gives California … Continue Reading

Data Sharing in Connected Cars

In the age of web-connected vehicles, the consumer’s relationship with the vehicle’s manufacturer takes on a whole new meaning. Not only does the relationship exist for the purpose of vehicle maintenance or future repairs, but the consumer also serves as a rolling information bank to the manufacturer. Indeed, nearly every new vehicle is by default … Continue Reading

Smile and Say “Cheese” — When is a Photo an Educational Record under FERPA?

As the myriad of Family Educational Rights and Privacy Act  (FERPA) interpretation issues continues to cloud many educators’ understanding of what is permissible and not permissible under the statute, some assistance was recently provided by the U.S. Department of Education. The Family Policy Compliance Office (FPCO) advises that as with any other “education record,” a photo or video of a student … Continue Reading

California Consumer Privacy Act Likely to Appear on Ballot in November

Businesses are understandably focused this week on the looming effective date for the European Union’s General Data Protection Regulation (GDPR). For U.S. businesses, however, a proposed law closer to home would raise similar compliance burdens and create potential litigation risks. This November, voters in California will likely vote on whether to pass a ballot initiative, … Continue Reading

Facebook and the English Data Firm Cambridge Analytica (CA) Face Intense Scrutiny for Possible Misuse of Facebook User Data

Facebook and the English data analytics firm Cambridge Analytica (CA) are facing intense scrutiny in response to numerous reports about the possible misuse of data of 50 million Facebook accounts. The data was originally collected through a third party personality test app and later reportedly improperly transferred to CA and/or its parent company Strategic Communications … Continue Reading

European Commission Releases GDPR Guidance

All privacy professionals, whether in the EU or the U.S., need to have an understanding of the implications of General Data Privacy Regulation (GDPR) compliance, particularly since the fines and penalties that could be imposed for non-compliance are intimidating. GDPR goes into effect on May 25, 2018, and many companies are struggling to become compliant … Continue Reading

Federal Trade Commission Approves Settlement with Lenovo Over Ad Software

The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.” The settlement requires Lenovo to not misrepresent the features … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

US Supreme Court Evaluates Privacy of Cell Phone Data

Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States.  At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter.  The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred.  The government … Continue Reading

The Reversal of Net Neutrality on Privacy 101

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in … Continue Reading

Big Data and Antitrust: Rethinking Competition Law in the Data Economy

As we approach calendar year end, traditionally the busiest period of the year for mergers and acquisitions, it is worth revisiting whether our existing competition law framework can and does properly assess the market power of big data. This spring, The Economist magazine joined the ranks of some antitrust regulators, particularly from the EU, in … Continue Reading

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading

Empowerment or Intrusion? The College Transparency Act of 2017

Stating the obvious, college is one of the most important and expensive investments Americans make. In addition to tuition costs, from a consumer perspective, other factors should be important in deciding on a college, including graduate employment prospects, average student loan debt, and average number of semesters taken to complete a degree. If you were … Continue Reading

State of Connecticut Provides Guidance on Changes to Education Records of Transgender Students

The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise … Continue Reading

Federal Tax Treatment of Employer-Provided Identity Protection Services

In the wake of several recent high-profile security breaches, employers are increasingly viewing identity theft protection as an essential employee benefit for employees. According to Willis Towers Watson’s 2016 voluntary benefits and services (VBS) survey, identity theft protection, offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018. Recognizing … Continue Reading

To Travel With My Laptop …or Not!

Tricky decision to make if you are among the millions that travel for work…. how safe is it? Will the new “laptop travel ban” affect me? What airports am I connecting through that are of concern?  Is public Wi-Fi secure? Did that person just look over my shoulder (a.k.a. Shoulder Surfing) while I was opening … Continue Reading

Twitter Updates its Privacy Policy

Twitter recently announced updates to its Privacy Policy. The updates are effective on June 18, 2017. By using the social media platform on or after that date, Twitter users will be deemed to have agreed to these updates. The updates enable Twitter to collect more user data, including about a user’s visits from Twitter to … Continue Reading

Misconfigured Backup Server Exposes 7,000+ Medical Records

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as … Continue Reading
LexBlog