Archives: Data Privacy

Subscribe to Data Privacy RSS Feed

Data Sharing in Connected Cars

In the age of web-connected vehicles, the consumer’s relationship with the vehicle’s manufacturer takes on a whole new meaning. Not only does the relationship exist for the purpose of vehicle maintenance or future repairs, but the consumer also serves as a rolling information bank to the manufacturer. Indeed, nearly every new vehicle is by default … Continue Reading

Smile and Say “Cheese” — When is a Photo an Educational Record under FERPA?

As the myriad of Family Educational Rights and Privacy Act  (FERPA) interpretation issues continues to cloud many educators’ understanding of what is permissible and not permissible under the statute, some assistance was recently provided by the U.S. Department of Education. The Family Policy Compliance Office (FPCO) advises that as with any other “education record,” a photo or video of a student … Continue Reading

California Consumer Privacy Act Likely to Appear on Ballot in November

Businesses are understandably focused this week on the looming effective date for the European Union’s General Data Protection Regulation (GDPR). For U.S. businesses, however, a proposed law closer to home would raise similar compliance burdens and create potential litigation risks. This November, voters in California will likely vote on whether to pass a ballot initiative, … Continue Reading

Facebook and the English Data Firm Cambridge Analytica (CA) Face Intense Scrutiny for Possible Misuse of Facebook User Data

Facebook and the English data analytics firm Cambridge Analytica (CA) are facing intense scrutiny in response to numerous reports about the possible misuse of data of 50 million Facebook accounts. The data was originally collected through a third party personality test app and later reportedly improperly transferred to CA and/or its parent company Strategic Communications … Continue Reading

European Commission Releases GDPR Guidance

All privacy professionals, whether in the EU or the U.S., need to have an understanding of the implications of General Data Privacy Regulation (GDPR) compliance, particularly since the fines and penalties that could be imposed for non-compliance are intimidating. GDPR goes into effect on May 25, 2018, and many companies are struggling to become compliant … Continue Reading

Federal Trade Commission Approves Settlement with Lenovo Over Ad Software

The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.” The settlement requires Lenovo to not misrepresent the features … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

US Supreme Court Evaluates Privacy of Cell Phone Data

Last Thursday, the United States Supreme Court heard arguments in Carpenter v. United States.  At issue was whether the FBI violated the Fourth Amendment when it obtained the cellphone location records of Timothy Carpenter.  The FBI used these records to establish Mr. Carpenter’s whereabouts during time periods in which certain armed robberies occurred.  The government … Continue Reading

The Reversal of Net Neutrality on Privacy 101

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor. Primarily, the FCC issued broadband privacy rules in … Continue Reading

Big Data and Antitrust: Rethinking Competition Law in the Data Economy

As we approach calendar year end, traditionally the busiest period of the year for mergers and acquisitions, it is worth revisiting whether our existing competition law framework can and does properly assess the market power of big data. This spring, The Economist magazine joined the ranks of some antitrust regulators, particularly from the EU, in … Continue Reading

Do You Have “Security Fatigue”?

Every day it seems a new data security breach has occurred, a new “cyber hack” is in the news…making us run to our phones, computers, bank accounts, you name it, to see if we could be the “one” affected. As a result, more and more online transactions, websites, financial institutions, for work or personal, require … Continue Reading

Empowerment or Intrusion? The College Transparency Act of 2017

Stating the obvious, college is one of the most important and expensive investments Americans make. In addition to tuition costs, from a consumer perspective, other factors should be important in deciding on a college, including graduate employment prospects, average student loan debt, and average number of semesters taken to complete a degree. If you were … Continue Reading

State of Connecticut Provides Guidance on Changes to Education Records of Transgender Students

The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise … Continue Reading

Federal Tax Treatment of Employer-Provided Identity Protection Services

In the wake of several recent high-profile security breaches, employers are increasingly viewing identity theft protection as an essential employee benefit for employees. According to Willis Towers Watson’s 2016 voluntary benefits and services (VBS) survey, identity theft protection, offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018. Recognizing … Continue Reading

To Travel With My Laptop …or Not!

Tricky decision to make if you are among the millions that travel for work…. how safe is it? Will the new “laptop travel ban” affect me? What airports am I connecting through that are of concern?  Is public Wi-Fi secure? Did that person just look over my shoulder (a.k.a. Shoulder Surfing) while I was opening … Continue Reading

Twitter Updates its Privacy Policy

Twitter recently announced updates to its Privacy Policy. The updates are effective on June 18, 2017. By using the social media platform on or after that date, Twitter users will be deemed to have agreed to these updates. The updates enable Twitter to collect more user data, including about a user’s visits from Twitter to … Continue Reading

Misconfigured Backup Server Exposes 7,000+ Medical Records

A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as … Continue Reading

Repeal of FCC Privacy Rules Sparks Concern in U.S. and Europe

The Federal Communications Commission (FCC) privacy rules required providers such as Comcast Corp. and AT&T Inc. to get subscribers’ permission before collecting and sharing their personal data. On April 4, 2017, President Donald Trump signed a congressional resolution rescinding those rules and sparking major concern both in the U.S. and Europe. Indeed, according to a … Continue Reading

Virtual Private Network (VPN) Providers: How Private Are They?

By Executive Order, the Trump Administration recently reversed an Obama Administration order aimed at protecting consumer’s personal information from use by their Internet Service Provider (ISP). ISPrior to the Trump’s EO, ISPs were required to get customer’s consent before using or selling their browsing habits, online shopping habits, financial information, etc. The reversal of Obama’s … Continue Reading
LexBlog