|
|
|
|
||
|
||
|
Vol. 8, Nos. 1-44, pp. 1-1640 Jan. 5 -- Nov. 9, 2009 A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
CABLE TELEVISION
Cloud computing, L.A. City Council approves moving e-mail and internet services to Google Cloud, 1565
Computer fraud, changing server password after joint venture failed violates state law (D.N.J.), 1530 Craigslist sues auto-posting software maker (N.D. Cal.), In Brief, 1506 Data breach notification
Amendment proposed, 5; amendments under review, 507; bill clears the state Senate, 679; state AG notification requirement bill clears legislature, 1310; governor vetoes, 1498
Health data amendment, over 800 breaches reported since Jan., 1053
Ameritrade customer e-mail accounts hacked, despite attorney fee concerns proposed class settlement approved (N.D. Cal.), 750; court rejects settlement, decertifies class, 1560
Gap stores job applicant data on stolen laptop, future identity theft risk claim insufficient (N.D. Cal.), Special Report, 569 Kaiser Permanente hospital employee inappropriately accessed patient's medical records, Cal. agency fines hospital, 738; new patient privacy statute and tabloid legislating, Analysis and Perspective, 943; agency issues another fine for second violation, 1054 Domestic violence, e-mail account accessed by ex-spouse may be abuse (Cal. Ct. App.), In Brief, 806 E-Verify, bill bans local government use, governor vetoes, 1498
Aggregator, Facebook brings claims against (N.D. Cal.), In Brief, 92
Beacon program class action settlement, Facebook agrees to shut down service (N.D. Cal.), 1380; court gives preliminary approval of deal, 1561 Data mining, alleged to be malicious data harvester in disguise (Cal. Super. Ct.), In Brief, 1293 Geographic information, Santa Clara County electronic map must be disclosed (Cal. Ct. App.), 469 Hacking, using a Cal.-based anonymizer service to access Yahoo account creates jurisdiction (N.D. Cal.), In Brief, 1539 Pasadena police department entitled to qualified immunity, privacy invasion award nixed (Cal. Ct. App.), In Brief, 806 Patient privacy statute and tabloid legislating, Analysis and Perspective, 943 Photographs of private property, state considers limits on posting images online, 470 Social networking sites disclosure bill vetoed, 1498 Song-Beverly Credit Card Act
E-mail requested by Pottery Barn at point of sale, suit not preempted by CAN-SPAM (Cal. Ct. App.), 1384
Jury trial not available on class claim of customers asked for home phone number (E.D. Cal.), In Brief, 1440 Party City, zip codes do not fall under state law (Cal. Ct. App.), 13 Symantec, data collection ban inapplicable online (C.D. Cal.), 302 Williams-Sonoma, zip code collection and marketing use does not violate (Cal. Ct. App.), 1562
Deceptive e-mail subject claims not preempted (N.D. Cal.), 800
Facebook users hit with TRO, including King of Spam (N.D. Cal.), In Brief, 447 False advertising claims survive preemption (N.D. Cal.), 709 ICANN breach, domain registrar and proxy service not liable, spam recipient not beneficiary (N.D. Cal.), 1618 Reunion.com's forward-to-a-friend e-mails, standing in federal court requires damages (N.D. Cal.), 42 Vonage e-mails from multiple domain names, whether state law prohibits (9th Cir.), 15; whether state claim preempted (Cal.), In Brief, 252
Cell phone calls unsolicited, wireless firms ask FCC for enforcement, consumer complaints increase, 737
Craigslist sues auto-posting software maker (N.D. Cal.), In Brief, 1506
Aggregator, claims brought against (N.D. Cal.), In Brief, 92
Phishing, spammers hit with TRO, including King of Spam (N.D. Cal.), In Brief, 447 Forwarding service not provider, firm lacks standing (9th Cir.), In Brief, 1539 Obscenity judged by national standard, phrase material falsification not unconstitutionally vague (9th Cir.), 1611 Preemption
California
Deceptive e-mail subject claims not preempted (N.D. Cal.), 800
False advertising claims survive preemption (N.D. Cal.), 709 Pottery Barn point of sale request, suit not preempted (Cal. Ct. App.), 1384 Vonage e-mails from multiple domain names, whether state claim preempted (Cal.), In Brief, 252 Project Honey Pot seeks assistance of banks and clearinghouse vendors to identify hackers (E.D. Va.), 1236 Students targeted in scheme, four indicted (W.D. Mo.), In Brief, 677
Accountants
Generally Accepted Privacy Principles (GAPP), comments sought on draft update, 504; comment period extended, 747; updated principles add risk management and portable devices criteria, 1606
Toolkit for small and medium-sized businesses, industry group publishes, 1311 Airport security pilot projects, privacy office reviewing impact assessments, 1504 Alberta, Personal Information Protection Act, amendments proposed, 1574 Audits completed on Elections Canada, Passport Canada, Canada Revenue Agency, and Service Canada, 311 Background search firm, Canada Privacy Office with FTC help finds Accusearch breached PIPEDA, 1173 Cross-border data sharing, new guidelines set on transfers, 208; PIPEDA allows transfer of citizens' data from Canada but protections follow, ABA Conf., 646 Data breaches
Alberta proposed amendments include government notification, 1574
Health data theft, Alberta privacy agency probing attack, 1032 Losses due to IT breaches nearly doubled this year, 1437 Radisson Hotel chain says hackers gained access to guest data, 1232 Saskatchewan annual report, In Brief, 993
Bell Canada needs to explain use, 1289
Privacy Comm'r critical of web traffic management tools, 405
Bulletin board, disclosure ordered (Ontario Super. Ct.), 538
York Univ., internet users not entitled to chance to object to ID disclosure by ISPs (Ontario Super. Ct.), 1352
Enforcement, regulator issues first notices, 1032; agency issues first fines, 1288
Extension increases from three to five years but rejects permanent registration, 633 Insurance and real estate agents, bulletins clarify obligations, 783 Fingerprint data sharing agreement between with U.K., and Australia concerns Canadian Privacy Comm'r, 1283 Fraud and breach of trust, former privacy chief Radwanski acquitted, In Brief, 343 Google Street View, officials welcome retention policy, 1479 Health data
Foreign litigation use, only domestic courts may approve, 251
Nova Scotia, omnibus health records privacy protection bill includes breach notice and marketing limits, 1617 Identity management systems, Ontario unveils online tool, In Brief, 251 Identity theft, tough legislation reintroduced, to amend criminal code, 565; bill passes Senate, Stoddart argues rules better option, 932; Stoddart urges coordinated approach, 1438; Canadian Parliament passes bill but implementing provisions delayed, 1575 Internet traffic management technologies, new policy addresses customer privacy, 1536 Jurors, Ontario investigating police checks, In Brief, 883 Laptop encryption
Alberta Health Services denounced for failure to encrypt stolen laptops, 964
Ponemon human factor survey, 132 Ontario Info. and Privacy Comm'r, Cavoukian named to third term, 840 Pawn shop customer data collection (Alberta Ct. of Queen's Beach), In Brief, 91 PIPEDA annual report finds more complaints filed, urges online caution, 1478 Retailer return policies, collection of customer data probed by Ontario agency and Ernst & Young, 171 Social networking websites
Facebook
Case summary, agency report cites ongoing problems, 1061; Privacy Comm'n approves plan to bring site into PIPEDA compliance, 1289
Discovery of plaintiff's postings allowed despite privacy settings (Ontario Super. Ct.), 406 User ID verification, privacy office will not require, In Brief, 634 Taxation, eBay Canada must reveal PowerSellers data, 1470 Telecommunication agency launches review of customer data use and privacy rules, 312 Video monitoring
Best practices, privacy agency finalizes guide, 839
PI video spying, privacy office may seek court order to enforce recommendation, 881 Picketing, Alberta agency ruling set limits on union use, 566
Banking, security and privacy top concerns, KPMG report, In Brief, 567
Billing documents, numbers must be redacted before disclosure (Pa.), In Brief, 21 Camera phone require sound, In Brief Debt calls to landline transferred to cell phone, FCC seeks comments, 494 Employee monitoring policies, IAPP Privacy Summit speaker says companies must update to keep pace with technology, 480 Encryption of portable devices, ICO orders Home Office, 168 Fla., Blackberry messages are public records, In Brief, 1392 Location data and services
Best practices, trade association revises, In Brief, 48
Consumer choice called key to success at State of Mobile Net conference, 621 COPPA, FTC expedites rules review due to trends, 615 FTC probe, consumer groups seek, stronger data collection notice urged, 76; FTC report focuses on COPPA rules, text spam, and spyware, 615 Japan moves to limit use of internet and location data for targeted ads, 1282 Wal-Mart Stores, new privacy policy contains some opt-ins and customer preference center, 1053 Prerecorded debt calls may violate TCPA (W.D.N.Y.), In Brief, 1578 Smishing, tax officials note new data security threats, 868 Spain no-mail registry list expanded to calls, texts, and e-mails, 987 Spam
Canadian bill creates private right to sue and include penalties, ISPs support, 671; bill includes clause to end marketer no-call list but not immediately, 713; Analysis and Perspective, 810
CFAA loss, collective class can together satisfy threshold but pleadings must transcend mere allegations (D. Minn.), 1147 EMX Pty agrees to pay Australian text message fine, In Brief, 49 Irish DPA has no duty to seek informal resolution prior to filing suit (H. Ct.), 170
See SPOOFING
Telemarketing
FCC, wireless firms seeks enforcement of TCPA and CAN-SPAM Act, consumer complaints increase, 737
Text messages are calls under TCPA, capacity not actual activity decisive (9th Cir.), 959 Verizon Wireless to be paid by telemarketer to settle suit over unsolicited calls (D.N.J.), 500 Wiretapping, texting with arrestee's cell phone required warrant (Pa. Super. Ct.), In Brief, 939 Yahoo privacy policy now allows opt-out of behavioral tracking, 1092
FBI internet crime report for 2008, fraud and other activity complaints rose 33 percent, 529
ISP data retention requirements Search and seizure
Delay in getting computer search warrant unreasonable and requires suppression of evidence (11th Cir.), 669
One-hour computer upgrade service, whether privacy expectation (U.S., rev den), In Brief, 882 Paramedic, co-worker search of laptop not as government agent, no evidence ban (8th Cir.), In Brief, 473 Probable cause, old porn site subscription enough to establish (6th Cir.), In Brief, 1506 Virus search consent does not extend to images (Ill. App. Ct.), In Brief, 747 Warrant for documents and records did not justify search of computer at scene (9th Cir.), 1171 U.K., parliamentary group launches inquiry into ISP role in catching bad actors, 675
Article 29 Working Party, data rights second to child's best interest, In Brief, 343
Broadband access, FCC seeks comments on privacy issues, 555; comments received, 863; FTC files comments, 1307 COPPA Mental health records
Custody court may order evaluation but not require disclosure of existing records (Pa. Super. Ct.), In Brief, 474
Mother properly denied access, children's best interests trump parent's statutory right to release of such records (Iowa), 627
Exemption proposed, 443
Families sue state agency alleging violations (Minn. Dist. Ct.), 443 Search consent of own bedroom from child victim invalid (Mont.), In Brief, 940 Social networking websites
EU self-regulatory pact signed, 279
German site faces blackmail after theft of user data, 1533 Spain, DPA and IT institute report studies on privacy risks, 280; DPA in consultations with firms to discuss privacy and protections, 537; Tuenti site to fix gaps, In Brief, 1035; Facebook, new system to establish stricter privacy protections, In Brief, 1103
Leicester City Council nursery, ICO takes enforcement action, In Brief, 785
Manchester City Council ordered to encrypt laptops after theft, In Brief, 965 Neath Port Talbot County Borough Council ordered to encrypt all portable devices after losing memory stick, In Brief, 1103 Wigan Council laptop with children's data stolen, ICO examining, In Brief, 567; ICO orders encryption of mobile devices, 1288
Apparel marketer agrees to FTC fine to settle data collection and privacy notice claims (S.D.N.Y.), 1521
Mobile marketing trends, FTC expedites rules review due to, 615 Parental control software tracking and selling online activity data of minors (FTC), 1472
Government transparency law takes effect, data must be posted online, 632
Cell phone user registration, Guangdong province rejects bill to require, 881
Credit agencies, draft data collection and usage rules issued, 1500; legal experts laud new draft rule, 1573 Cyber-hunting
Jiangsu Province passes ordinance, 206
Wife's suicide, man harassed after personal data posted, awarded damages, 90 Data security certification rule, China drops for foreign products sold in private security, 670
See PROCEDURE
Data breaches, Hannaford Bros. Co., one consumer suit remanded due to home state exception (1st Cir.), 720; bulk of claims dismissed, only narrow negligent damages action survives (D. Me.), 749; hacker indicted in record breaking case (D.N.J.), Special Report, 1244; hacker pleads guilty (D. Mass.), 1272; judge certifies damages question to state court (D. Me.), 1495
AOL, class argues embedded e-mail ads violate ECPA (C.D. Cal.), In Brief, 806
Argentina, telecommunication data retention law unconstitutional, limited class action rights acknowledged (CSJN), 340 Background checks, Dallas-based corporate events planner, EEOC files class suit over firm's use of credit and criminal histories in hiring (D. Md.), 1471 Cal., Song-Beverly Credit Card Act
Jury trial not available on class claim of customers asked for home phone number (E.D. Cal.), In Brief, 1440
Williams-Sonoma, zip code collection and marketing use does not violate (Cal. Ct. App.), 1562 Zip codes do not fall under state law barring retailer collection of personal data (Cal. Ct. App.), 13
Ameritrade customer e-mail accounts hacked, despite attorney fee concerns proposed class settlement approved (N.D. Cal.), 750; court rejects settlement, decertifies class, 1560
AOL research database, most of class must file in Va. (9th Cir.), In Brief, 210 Bank of America settlement, privacy class objectors' claims tossed (Cal. Ct. App.), 987 Circuit City customer suit against Chase Cards Services dismissed (S.D.N.Y.), 1055 Countrywide owner Bank of America to cover data breach freeze costs, consumer class action settlement proposed (W.D. Ky.), 205 Hannaford Bros. Co., one consumer suit remanded due to CAFA home state exception (1st Cir.), 720; bulk of claims dismissed, only narrow negligent damages action survives (D. Me.), 749; hacker indicted in record breaking case (D.N.J.), Special Report, 1244; hacker pleads guilty (D. Mass.), 1272; judge certifies damages question to state court (D. Me.), 1495 Heartland Payment Sys.
See DATA BREACHES
Starbucks laptop stolen, workers file class action (W.D. Wash.), 336 TJX Cos., remaining bank plaintiffs may pursue some claims (1st Cir.), 532; final bank plaintiffs settle claims (D. Mass.), 1260; hacker pleads guilty, 1272 Veterans' Affairs Dep't (VA)
Medical center hard drive lost, putative class cannot demonstrate actual damages, APA claims remanded (11th Cir.), 929
Theft of personal data, veterans settle Privacy Act claims (D.D.C.), 199; settlement approved, In Brief, 314; attorneys' fee award lowered, 1385 Discrimination, Target settles web access claims of blind consumer class (N.D. Cal.), In Brief, 447 Equifax, class alleging firm failed to verify data in credit reports with public source certified (D.N.J.), 1529
Beacon program
Blockbuster cannot compel arbitration when contract illusory and unenforceable (N.D. Tex.), 626
Shut down of program agreed to in class action settlement (N.D. Cal.), 1380; court gives preliminary approval of deal, 1561
Bacci Cafe, class of customers certified, third party complaint against processing equipment company dismissed (N.D. Ill.), 1279
Brand identifier, FACT Act does not prohibit inclusion when also appears in word form (W.D. Mich.), 1350 Business-owned card transaction does not invoke liability (N.D. Ill.), 1382 Mexican Specialty Foods, statutory damages provision constitutional, credit card receipt class suit revived (11th Cir.), 710 HITECH Act suit filed, alleges law violates privacy by failing to protect data (S.D.N.Y.), 1026 IP addresses not personal data, collection ban agreement not breached (W.D. Wash.), 1022 Junk faxes
Afgo Mech. Servs. suit rejected due to lack of jurisdiction when statutory damage threshold not meet (D.N.J.), 1274
Al Copeland Inv., manifestly erroneous certification reversed (La. Ct. App.), 1380 Beaty Constr., recipients class certified (N.D. Ill.), In Brief, 314 Partial owners of machines removed from class (E.D. Ill.), In Brief, 1538 NSA telecommunications records litigation, class action claims dismissed, FISA amendments constitutional (N.D. Cal.), 828 Power-of-attorney status applicants, final FCRA settlement over Bank of America credit reviews approved (E.D. Pa.), 274 Spam, collective class can together satisfy CFAA loss threshold but pleadings must transcend mere allegations (D. Minn.), 1147 Time Warner, court approves class settlement in cable firm sale of customer data (E.D.N.Y.), 1144 USPS co-branding efforts, worker unjust enrichment challenge on alleged personal data disclosure dismissed (W.D. Wash.), 1277 Video monitoring of police employee locker room, class settlement approved (C.D. Cal.), 1271
See INTERNET
See SCHOOLS
Cybercrime law signed, 43
Assistant secretary for communications and information, Senate approves Strickling, 981
Budget FY2009, Omnibus Appropriations Act Secretary, Symantec CEO Thompson is leading candidate, 194; Obama names Gregg (R-NH), 231; Gregg withdraws, delays in sub-cabinet appointments, 270; Locke nominated, 328; Senate Commerce Comm. approves nomination, 460; Senate approves nomination, 494 Undersecretary O'Neill, BNA interview, 94
Anti-spyware software, good Samaritan provisions shields from claims brought by internet services (9th Cir.), 984
Money laundering with alleged fraudulent ads, CDA controls unless Google requires illegal content (N.D. Cal.), In Brief, 49 MySpace not contact provider, not liable for assault by sexual predator (E.D. Tex.), 831 Telephone records sold, no immunity from FTC Act unfair practices claims (10th Cir.), 1020 Union not liable for members' web comments when not acting as union agents (D. Nev.), In Brief, 678 Yahoo shielded from claim for failure to remove content (9th Cir.), In Brief, 805; opinion amended, In Brief, 995
Access authorization
Am. Family Mutual Ins., sending letters to client list ruled authorized (N.D. Iowa), In Brief, 447
B13 director's alleged misuse not without authorization if he controlled database (N.D. Ill.), 1148 Black & Decker employee signed confidentiality agreement, petition denied (6th Cir.), In Brief, 210 Bridal Expo contact lists copied by ex-employees before leaving, data misuse not covered (S.D Tex.), 275 Codux Intl., downloading proprietary information not unauthorized, later misuse not covered (D. Minn.), 15 Ervin & Smith Adver., access unauthorized when worker policy breached (D. Neb.), In Brief, 313 Lasco Foods, employees' bad intent made data access unauthorized (E.D. Mo.), 1609 LVRC Holdings, authorization based on employer policies not misuse (9th Cir.), 1377; employers should revisit data misuse policy, Special Report, 1441 MySpace, fictitious page leads to teenage girl's suicide, CFAA provision that arguably criminalized breaches of terms of service void for vagueness (C.D. Cal.), 1278; attorneys offer terms of service drafting suggestions, 1343 P2P shared folder, no unauthorized access when files accessible to general public (E.D. Pa.), In Brief, 407 SalesTraq Am., claim fails against party who paid for access but misused contents, other claims continue (D. Nev.), 931 Social Security Admin., former employee found guilty with exceeding (S.D. Fla.), In Brief, 1175 US Bioservices, plaintiff used information authorized to access to form competing business, misuse not CFAA claim (D. Kan..), 202 Vurv Tech., employees' authorization to access corporate data terminated on last workday (N.D. Ga.), 1145 Damage or loss requirement
Allied Safety Consultants, costs and lost profits not loss without service interruptions (E.D. Tenn.), 1379
Bloomington-Normal Seating, allegations of loss alone enough to advance to trial (C.D. Ill.), 830 Civil claims
Councilwoman claims unauthorized access of her e-mail by mayor, damage not required (N.D. Ill.), 1275
Former employees misuse proprietary data, loss above CFAA floor yields federal jurisdiction (N.D. Tex.), 441 Expert search not CFAA loss when pre-litigation action, IT agreement breach claim survives (N.D. Ill.), 533 Expired password use to access software neither, copyright claims also fail (N.D. Ill.), 986 Goodwill loss qualifies (D. Or.), In Brief, 1355 Laptops, worker delay in returning and deletions meet requirements but dismissed due to no evidence of unauthorized access (E.D. Mo.), 236 Limitations period runs from discovery of damage, not loss (N.D. Ill.), In Brief, 448 Lost revenue due to misappropriated data does not qualify (M.D. Ga.), 81 Motorola, former employee date misuse, alleged losses sufficient to pursue claims (N.D. Ill.), 335 Paradigm Alliance, costs to investigate unauthorized website access were losses (D. Kan.), 1497 Spam, collective class can together satisfy CFAA threshold but pleadings must transcend mere allegations (D. Minn.), 1147 TelQuest Intl., costs of computer misuse probe and alleged lost revenues not losses (D.N.J.), 1496 Time bomb code theory by software purchaser satisfies pleading requirement (D.N.J.), 164 Time Warner, claim resting on ISP network throttling must allege damage and loss (S.D.N.Y.), 1149
Aggregator, claims brought against (N.D. Cal.), In Brief, 92
Beacon program class action settlement, Facebook agrees to shut down service (N.D. Cal.), 1380; court gives preliminary approval of deal, 1561 Phishing, spammers hit with TRO, including King of Spam (N.D. Cal.), In Brief, 447 Protected computers
Cenveo, claims failed when unsure how employee accessed confidential executive salary information (D. Conn.), 1497
Dedalus Found., use in commerce definition refers to device not access route (S.D.N.Y.), 1609
China, data security certification rule dropped for foreign products sold in private security, 670
Converge IT asset disposition trends survey, data security chief concern, In Brief, 540 Cybercrime
See CYBERCRIME
See E-MAIL
Extortion threat to computers, laid off worker pleads guilty (D.N.J.), In Brief, 677 File sharing
See FILE SHARING
Fraud
Cal. and N.J. state laws, changing server password after joint venture failed violates (D.N.J.), 1530
CFAA
See HACKING
See INTERNET
Laptops
See LAPTOPS
N.Y., tax break for data security hires and purchased technology proposed for businesses, 636 Scareware scheme, FTC reaches accord with defendants (D. Md.), 952; CEO's role in management of ads supports individual claims against him, 1381 Search and seizure
Subscription automatic renewal programs, firms and N.Y. settlement includes penalties and disclosure reforms, In Brief, 940
Unauthorized use, sanction granted for post-notice deletion (W.D. Ky.), In Brief, 1152
See SPAM
See SPYWARE
See DATA BREACHES
Virus search consent does not extend to child pornography images (Ill. App. Ct.), In Brief, 747
Ed. Note: A list of upcoming conferences and meetings appears in the Journal section at the end of selected issues.
American Bar Ass'n (ABA)
Administrative Practice Comm., 748
American Law Institute teleconference, 78 Annual meeting 2009
E-discovery, 1180
Health 2.0, 1200 Social networks and mobile marketing, 1178 Workplace policies, 1177 Business Law Section
Cloud computing, 646
PIPEDA, 646 Web 2.0 technologies, 647 EEOC considers guidance on background checks, teleconference, 600 Employment Rights and Responsibilities Comm. spring meeting, 542 Health and welfare benefit plan conference, 1524 Health Law Section, 558 Technology in the Practice and Workplace Comm., 712 Washington Healthcare Summit, 1558 American Health Info. Mgmt. Ass'n
E-health records, 1232
Red flag rules, 1233 Anti-Counterfeiting Trade Agreement, Rabat talks, 1091 Armed Forces Communications and Elec. Ass'n, 57 Asia-Pacific Economic Cooperation (APEC)
Cross-border data transfer enforcement agreement endorsed, 1154
Data privacy subgroup technical forum, 338 Children's Health Fund, e-health panel discussion, 1051 Collaboration on Government Secrecy, Information Policy in the New Administration, 191 Computer & Communications Industry Ass'n
Boucher (D-Va), 702
FTC Leibowitz, 705
Cloud computing under ECPA, 827
Online advertising consent, 827 Congressional Internet Caucus
Annual State of the Net Conf., 77
Cybersecurity forum, 843 Council for Electronic Revenue Communication Advancement (CERCA) spring meeting, In Brief, 677 D.C. Bar session on GINA rules, 1525 Duke Univ., School of Public Policy, Protecting National Security and Privacy, 193 Dutch government agencies meet with ISPs on data retention, 1535 E-health Initiative webinar on stimulus provisions, 587; 622 Electronic Data Exchange Workshop, 668 EEOC GINA public meeting, 325 EC Data Protection Conference 2009
EU framework, 781
International framework, 779 European Privacy and Data Protection Commissioner's Conf., 675 EU Article 29 Working Party
69th plenary session
Children's data rights, 343
E-discovery, 315 Search engine data retention standards, 278 Brussels meeting, 1480 FTC, OECD, and APEC workshop, Securing Personal Data in the Global Economy
Leibowitz says FTC will enforce requirements and seek global common ground, 461
Self-regulatory guidance, 462 George Mason Univ. and Microsoft conference, behavioral tracking, 733 Global Cyber Security Conf., 1175 Health and Human Service Dep't HIT conference, 980 Health Insurance Portability and Accountability Act, 17th Summit, 1348 HIT Policy Comm.
HHS draft meaningful use standards, 925; comments received, clarification may be needed, 954
Inaugural meeting, 734 Meaningful use timeline set, certification recommendations presented, 1230 HIT Standards Comm. inaugural meeting, 772 HITECH Act Capitol Hill forum, 496 Homeland security, Data Privacy and Integrity Advisory Comm. teleconference, 269 House Cybersecurity Caucus teleconference, 493 ICANN
Board meeting in Sydney, 981
35th Intl. Public Meeting, 842 International Ass'n of Privacy Professionals (IAPP), Privacy Academy
Cloud computing, 1398
E-health, 1401 Health data breach notice rules, 1401 Mass. data security rules, 1399 Social networking sites, 1398
Business Forum for Consumer Privacy paper, 477
Cloud computing, 475 Data brokers, 478 E-health adoption, 481 Employee monitoring policies, 480 Genetic data, 482 Internet privacy notices, 479 Medical identity theft, 482 Self-regulatory framework, 331 Senate Commerce Comm., 478
Bilbao meeting, global data standards, 934
Madrid meeting
Barcelona preparatory meeting, 85
Conference report, 1620 Data processing standards, draft proposal, 779 International Found. of Employee Benefit Plans, HITECH Act webcast, 394 International Telecomm. Union (ITU), Telecom World 2009, 1476 IRS Software Developers Conf., 868 Jackson Lewis, E-Verify webinar, 1377 Mass. Inst. of Tech., HIT Symposium, HITECH Act
Implementation discussed, 1017
Total grants higher than anticipated, 980 National Employment Law Inst., 1266 National Governors Ass'n panel on stimulus package e-health provisions, 401 National Legal Malpractice Conf., 678 Object Management Group Cloud Standards Summit, 1091 Philippine Comm'n on Info. and Communications Tech., 435 Proskauer Rose, privacy and data security conference, 1466 RSA Conference 2009
Cybercrime, 641; 644
Cybersecurity, 640 Cybersecurity review preview, 644 Federal data security under Obama, 643 Survey results, 642
E-discovery, 440
E-Verify, 441 State of Mobile Net conference, 621 TechAmerica press event on cybersecurity review, 795 TRUSTe and Center for Democracy and Tech. talk at Google, 1469 Univ. of Cal. Berkeley law forum on social networking, 1566 U.S. Chamber of Commerce, Lieberman (I-Conn) speech, 1605 World Anti-Doping Agency, 748
Attorneys
Pretexting claim in confidential business information dispute, jury award to former saleswoman (Ill. Cir. Ct.), 1528 Suspicious Activity Reports (SARs), FinCEN and OCC propose standards, 439 Tax returns
See TAXATION, subheading: Disclosure of tax return data
See TRADE SECRETS
Ed. Note: For coverage of legislation by bill number, see LEGISLATION, FEDERAL. For information on measures not yet assigned bill numbers, see relevant subject headings.
Congressional Internet Caucus
Annual State of the Net Conf., 77
Cybersecurity Policy Review forum, 843 Sen. Thane (R-SD) added as co-chair, In Brief, 635
Homeland Security Comm., Langevin takes leave of absence, 79
Internet and Telecommunications panel, Markey (D-Mass) gives up chair, Boucher (D-Va) assumes, 39; Boucher expresses interest in privacy and data collection legislation, 229 Senate
Communications and Technology panel reformed, Kerry (D-Mass) named chair, 286
Judiciary Comm., Sessions (R-Ala) named ranking GOP member, In Brief, 716 Kennedy's (D-Mass) passing impacts key committee leadership positions, 1264; Harkin (D-Iowa) picked as new HELP Comm. chair, 1308
Data breaches
Bank of N.Y. Mellon agrees to pay state, already paying for credit protection, 241
Countrywide owner Bank of America to cover data breach freeze costs, consumer class action settlement proposed (W.D. Ky.), 205 People's United Bank laptop lost, post-breach fear of identity theft satisfies standing but not compensable without loss (D. Conn.), 1348 Payment card receipt printing restrictions, bill introduced, 215 Prescription data, bill restricts use for marketing, 256 Taxation
Audit report on stolen agency laptop concludes failure to properly manage and protect data, 1499
Swiss bank client names, state AG seeks UBS names, 1285; Swiss judge orders UBS to notify clients before turning over account details, 1391
First Amendment
Freedom of speech
Malicious prosecution not found in conviction for computer spying on coworkers (W.D Va.), In Brief, 1313
Search and seizure
Double jeopardy attaches to federal statutes on ID theft and aggravated ID theft (11th Cir.), 1272
Due process
See DUE PROCESS
Self-incrimination, production of unencrypted version of laptop's hard drive does not qualify (D. Vt.), 398
Identity theft, privacy right not implicated by SSN stolen off county clerk's website (U.S., rev den), 81; In Brief, 90
Nude cell phone photo viewing by police prompts lawsuit (W.D. Va.), In Brief, 599; lacked objectively reasonable expectation of privacy, 1349 Prisoner's DNA, challenge to collection and storage rejected (D.C. Cir.), In Brief, 50 Confrontation Clause, privilege extends to private therapist's records (Del.), In Brief, 718 E-Verify system, Ill. law barring use unconstitutional (C.D. Ill.), 468 FISA Amendments, NSA telecommunications records litigation, class action claims dismissed (N.D. Cal.), 828 Me. minor marketing law challenge dismissed though law likely unconstitutional (D. Me.), 1305; law successful in increasing focus on issue, Analysis and Perspective, 1320 Smoking workplace policies, Analysis and Perspective, 1540 Void for vagueness doctrine
CAN-SPAM Act phrase material falsification not unconstitutionally vague (9th Cir.), 1611
MySpace, fictitious page that leads to teenage girl's suicide violates terms of service, acquittal motion on CFFA provision granted (C.D. Cal.), 1278; attorneys offer terms of service drafting suggestions, 1343
FTC chair assures lawmakers agency would maintain key powers, Consumer Union supportive, 1016
Hill Watch, status of significant bills, chart, 1333 Obama financial regulatory reform proposal includes, FTC to share power, 977
Behavioral targeting
See ADVERTISING
Credit reports
See CREDIT REPORTS
See DATA BREACHES
Data handling, groups say regulators can keep pace with technology only with focus on corporate accountability, 1563 Digital consumer rights guide, EC launches, In Brief, 717 Do-not-call registries
See IDENTITY THEFT
See FAXES
Sears Holdings Mgmt. settles FTC claims of consumer data collection without proper disclosure (FTC), 824; proposed settlement involves software tracking of online activity, 869; settlement casts doubt on sufficiency of established practice, Viewpoint, 1070; FTC approves final consent order, 1306 Self-regulatory framework, industry coalition drops effort to craft legislation, 331 Senate Commerce Comm. expected to revisit proposals, IAPP Privacy Summit, 478 Sentinel Network Data Book, FTC reports that ID theft once again leading complaints, 329 Spam
See SPAM
See TELEMARKETING
Anti-Counterfeiting Trade Agreement, groups seek to restrict internet use and ask for more documentation on talks, 774; privacy groups concerned about internet privacy ramifications, 1091
Blanket filtering, consumer advocacy group decries, interferes with privacy of end users, In Brief, 1103 Expired password use to access software, claims fail (N.D. Ill.), 986 Facebook, violating terms of service actionable, accessed network through automated means (N.D. Cal.), In Brief, 806 File sharing
See FILE SHARING
SalesTraq Am., CFAA claim fails against party who paid for access but misused contents, other claims continue (D. Nev.), 931
Accountants, Generally Accepted Privacy Principles (GAPP), comments sought on draft update, 504; comment period extended, 747; updated principles add risk management and portable devices criteria, 1606
Arbitration agreement, employer's lax data security leads to rejection of validity of worker's electronic signature (D. Kan.), 469 Binding corporate rules (BCRs) Data sharing, N.Y., omnibus law includes employer SSN use and personal data sharing restrictions, 8 IT cybersecurity warning, DHS issues baseline risk assessment, 1264 Italy, shareholders may access contact data of fellow shareholders, In Brief, 717 Regulatory compliance chief policy challenge to corporations, Deloitte reports, 233 Small Business SOX Compliance Relief Act U.K. standards body seeks comments on standard for personal information management systems (PIMS), 89; BSI British Standards launches voluntary standard for businesses, 838 Value propositions of data protections, Ponemon survey, 1107
Data protection, Assembly to move on measure, joins others following EU model, 989
See ATTORNEYS
See PUBLIC RECORDS
Cal., Song-Beverly Credit Card Act
E-mail requested by Pottery Barn at point of sale, suit not preempted by CAN-SPAM (Cal. Ct. App.), 1384
Jury trial not available on class claim of customers asked for home phone number (E.D. Cal.), In Brief, 1440 Symantec, data collection ban inapplicable online (C.D. Cal.), 302 Williams-Sonoma, zip code collection and marketing use does not violate (Cal. Ct. App.), 1562 Zip codes do not fall under Cal. law barring retailer collection of personal data (Cal. Ct. App.), 13 China issues draft data collection and usage rules, 1500; legal experts laud new draft rule, 1573 Data breaches
Circuit City customer class action suit against Chase Cards Services dismissed (S.D.N.Y.), 1055
Heartland Payment Sys.
See DATA BREACHES
Network Solutions, source of hack affecting credit card accounts not identified, 1144 Radisson Hotel chain says hackers gained access to guest data, 1232 TJX Cos.
Banks, remaining plaintiffs may pursue some claims (1st Cir.), 532; final bank plaintiffs settle claims (D. Mass.), 1260
Hacker pleads guilty (D. Mass.), 1272 State investigations, agreement reached with state attorneys general (Mass. Super. Ct.), 957 FACTA FCRA Hospital official allegedly stole patient records for scam (S.D. Fla.), 831; records administrator and accomplice sentenced, 1612 Marketing, new Ill. law expands restrictions of use of student data, 1206 Offshore accounts merchants, IRS to summon payment card processor to identify (D. Colo.), 586 Payment Card Industry Data Security Standard (PCI DSS)
Compliance
Hiscox report released, 619
Merchant group urges council to adopt risk-based approach and ease burdens, 928 Ponemon survey report, 1403 Heartland Payment Sys. CEO pushes for total encryption to supplement, 204; Heartland 10-K annual report details multiple government probes, loss of PCI DSS certification and more lawsuits, 466; Heartland recertified as PCI DSS compliant, 719 House Homeland Security panel questions effectiveness against cybercrime, 525; PCI DSS overview, 527 Small merchants struggle according to survey, 1231 Wireless transmission, council issues guidance, 1052
Federal claims
Robocalls, rate marketer ordered to halt (N.C. Super. Ct.), In Brief, 568
Background checks
Ban on use in hiring
Dallas-based corporate events planner, EEOC files class suit over firm's use of credit and criminal histories in hiring (D. Md.), 1471 EEOC considers guidance, ABA teleconference, 600 Railroad companies settle FTC allegations of failure to notify workers of use (D. Colo., W.D. Wash.), 1200 Complaints alleging errors, FTC reports most result in pro-consumer changes, 11 Consumer freeze of report
Alaska law enacted, 834
Conn., Countrywide owner Bank of America to cover data breach freeze costs, 205 Mass. data security rules, regulators urged to extend compliance deadline, 165; Mass. delays rules, drops vendor written certification mandate, 276; panelists concerned about impact, 588; future of rules uncertain, 1049; Mass. amends rules and extends deadline, 1225; public hearing held, 1386; officials discuss at IAPP Privacy Academy and give compliance advice, 1399; Mass. files final amendments, 1565 N.C. bill clears legislature, 1096; governor signs, 1149; law to take effect, 1387 State legislation outlook, Special Report, 177 FACTA Free annual report rule, FTC seeks comments, In Brief, 1480 Germany, Analysis and Perspective, 1003 Monitoring and protection services
Bank of N.Y. Mellon agrees to pay Conn., already paying for credit protection, 241
Haw. data breach notification amendment died, 507
See also CYBERCRIME
Bank of New York Mellon technician charged in $1.1 million scheme (N.Y. Sup. Ct.), 1610 CFAA Currency transaction reports, DOJ charges Ill. bank in first criminal case (N.D. Ill.), 1563 Data breach notification, Mo. bill includes criminal penalties, 5 Data breaches
See DATA BREACHES
Expunged criminal record can never truly be private (3d Cir.), 1384 Failed bank robbery led to firing of manager not disclosure of polygraph, no evidence of damages (D.S.C.), 625 FDIC employee indicted on charge of disclosing confidential bank data (D. Kan.), 1496 Google, video shows taunts of Down syndrome boy, court considers criminal defamation case against officials (Tribunale di Milano), 243; ombudsman for municipality files civil suit, 244; case remains before judge, jurisdictional issues not decided, 308; ruling postponed, In Brief, 474; Italy has jurisdiction, 502; Milan court retains criminal and privacy cases, sends related case to Rome, 631; Google says IT not available then to restrict video post, In Brief, 718; trial granted use of fast-track process, 782; trial postponed, closed to media and public, In Brief, 966; court date set, In Brief, 1440 Hacking
See HACKING
Lawyer bought patient data, hospital employee indicted (S.D. Fla.), In Brief, 1175
Stolen, hospital official allegedly stole for credit card fraud scam (S.D. Fla.), 831; records administrator and accomplice sentenced, 1612 Viewed out of curiosity, doctor and two hospital employees enter pleas (E.D. Ark.), 1094; sentenced to probation and fines, 1562 Identity theft
See IDENTITY THEFT
Motor vehicle accident victim scam, bribes for confidential information, arrests made (N.Y. Sup. Ct.), 1383 Ohio databases, new law bars unauthorized searches by government employees, 43 Operation Phish Phry, FBI, DOJ, and Egyptian authorities break up large operation (C.D. Cal.), 1472 Photographs of private property, Cal. considers limits on posting images online, 470 Sentencing
See SENTENCING
Spyware
See SPYWARE
U.K. enforcement powers
APEC privacy subgroup proposes draft regulations, 338; proposed enforcement agreement endorsed, questionnaire evaluated, 1154
Australia
Dodo case as example of accountability model, Analysis and Perspective, 180
Privacy principles to include notification of overseas data transfer, 1500 Cloud computing
Analysis and Perspective, 425
Contract terms, companies should review and not move all sensitive data, RSA Conf., 646 FTC investigates practice, 701 IAPP Privacy Summit, risks exist but old safeguards still apply, 475 World Privacy Forum issues report, 337 DHS Napolitano to meet with Europeans on data privacy, In Brief, 634 Duke Univ. conference speakers predict Obama to boost U.S. and EU data sharing plans, 193 EU adequacy
New Zealand, privacy chief urges quick enactment of amendment to secure approval, 1026
South Africa, bill includes breach notice and marketing limits, Special Report, 1317; omnibus data protection bill draws business criticism and requests for more time, 1567
Article 29 Working Party
Annual report for 2007 gives overview of enforcement and documents issued, 166
Standard contractual clauses, opinion released on proposed update, especially with regards to sub-sub processors, 457 E-discovery
EU data protection, Practice Aid, 409
France, guidelines issued on pretrial discovery, 1240 Online freedom of speech, EU official calls for protections through trade agreements not legislation, 285 Rand review of data protection directive proposes updates, 741; Analysis and Perspective, 853 SWIFT network, EC seeks temporary pact until Lisbon Treaty enters into force, 1062; EU to incorporate data protection recommendations into pact, 1283; European Parliament adopts resolution setting guidelines for new agreement, 1351 Transfers to third countries, FAQ released, 471 U.S. safe harbor framework, Practice Aid, 1211; FTC enforcement, Practice Aid, 1328
Authorizations grants, In Brief, 1576
Education test firm's transfer of palm vein data to U.S. approved, 1027 Hong Kong discussion paper due soon, 1239; ordinance proposals include data transfer rules, 1281 IRS says privacy and rights protected, In Brief, 748 Justice Dep't advisory group releases report, In Brief, 22 National security letters (NSLs), Practice Aid, 511 Personal information management systems (PIMS), BSI British Standards launches voluntary standard for businesses, 838 Philippines, congressional working group to meet on revised data protection law, 435; bill progresses, changes include breach notice and penalties, 1239 Safe harbor standards
Commerce Dep't
Appointments delayed, 270
Undersecretary O'Neill, BNA interview, 94 EU data protection, Practice Aid, 1211 FTC enforcement
Practice Aid, 1328
Settlements announced (FTC), 1459; comments urge further inquiry, 1604 Turkey, data protection law remains stalled, 44
CFAA
DHS National Cybersecurity Center, Beckstrom resigns citing NSA concerns, 437; ICANN names Beckstrom to lead, 981 FBI internet crime report for 2008, fraud and other activity complaints rose 33 percent, 529 France, new crime bill allows government monitoring of internet use, 837 Fraud Hacking
See HACKING
See IDENTITY THEFT
Obama's official cybersecurity agenda mirrors campaign promises, 157; FY2010 budget proposal includes increased funds, 327; hearing witnesses urge House panel to avoid prescriptive mandates for private sector, 703 Portugal enacts new statute to implement EU framework law, 1354 RSA Conference
HITECH Act funds and medical identity theft, 644
PINs and payroll debit cards targeted using increasingly sophisticated methods., 641
See SPAM
Australian legislation to allow early interception of online messages, 1438
Budget FY2010 proposal includes increased funds, 327; DHS seeks $437M for cybersecurity in request, 703 Business Forum for Consumer Privacy paper on U.S. approach, IAPP Privacy Summit, 477 Comprehensive bill includes professional certification and development of effective defenses Consumer Financial Protection Agency (CFPA)
DHS Secretary, Napolitano confirmed, issued directives, 157
Electricity grid
Bulk Power System Protection Act
Senate energy panel considers bill to give DOE and FERC emergency orders power, 702 Data security
See DATA SECURITY
FCC creates working group, In Brief, 1312 Federal legislation, Outlook, 57 FTC Chair Leibowitz says online privacy among top priorities, BNA Interview, 1181 Hacking
See HACKING
Homeland security International Multilateral Partnership Against Cyber Threats (IMPACT) Center opens in Malaysia, 505 Intl. Telecomm. Union (ITU)
Legislation toolkit and guide for developing countries issued, 803
Telecom World 2009, experts seek heightened global efforts, 1476
See INTERNET
Lieberman (I-Conn) outlines his draft bill at U.S. Chamber of Commerce speech, includes Senate-confirmed coordinator at White House, 1605 Obama orders review of federal plans and programs, Hathaway named leader, 269; review team expected to provide action plan by April, 391; House panel hearing on pending review, 437; Langevin (D-RI) expects White House to play key role in strategy, regulatory approach possible, 493; Business Software Alliance provides comments on public-private information sharing partnerships, 495; Hathaway offers RSA Conf. preview, 644; policy review released, technology leaders praise Obama plan, 795; Congressional Internet Caucus hosts forum, 843; review includes near-term action plan, 844; House hearing on report, DHS and NIST officials testify, 924; Obama official tells briefing cyber coordinator should be appointed soon, 925; Hathaway resigns post, 1164; Napolitano outlines DHS role, In Brief, 1175; White House chief position still empty, 1344; House panel holds hearing, In Brief, 1538 Privacy protections as priority, Obama commitment to IT issues not clear correlation, 588 Reform, Clarke (D-NY) says efforts should not be rushed, 1523 Resignations
National Cybersecurity Center, Beckstrom resigns citing NSA concerns, 437; ICANN names Beckstrom to lead, 981
US-CERT Director Kwon to take RSA post, 1197 White House cyber coordinator, Hathaway resigns, 1164 Senate
Commerce Comm. expected to revisit consumer protection proposals, IAPP Privacy Summit, 478
Homeland Security Comm. hearing, different opinions offered on national strategy and White House office plan, 663; Lieberman (I-Conn) says committee drafting bill that maintains DHS leadership role, 1344 Trusted Internet Connection services, AT&T receives GSA award, 9 White House office
Binding corporate rules, country one of latest to join recognition procedure, 629
Lisbon Treaty, Ireland approved, Poland and Czech Republic still need to ratify, 1477; to accommodate concerns, EU may move up effective date, 1616 Contact the Webmaster at webmaster@bna.com Copyright © The Bureau of National Affairs, Inc. All Rights Reserved. |
