Data Security


Ed note: This post originally appeared on Global Regulatory Enforcement Law Blog.

Seemingly every day, new types of wearable devices are popping up on the market. Google Glass, Samsung’s Gear, Fitbit (a fitness and activity tracker), Pulse (a fitness tracker that measures heart rate and blood oxygen), and Narrative (a wearable, automatic camera) are just a few of the more popular “wearables” currently on the market, not to mention Apple’s “iWatch,” rumored to be released later this year. In addition, medical devices are becoming increasingly advanced in their ability to collect and track patient behavior.

double red triangle arrows Continue reading “Wearable Device Privacy – A Legislative Priority?”

Ed note: This post originally appeared on InfoLawGroup.

Last week, the FTC released a study it conducted in connection with price-comparison apps, deal apps and apps that allow people to pay for purchases using their mobile device while shopping in brick-and-mortar stores. The newly released study is the latest commentary from the FTC in a long line of workshops and reports that started in 2012 on the issue of mobile apps, mobile payment mechanisms and related matters, such as mobile cramming and mobile security. Here are the key takeaways from the latest study:

double red triangle arrows Continue reading “Mobile Apps: FTC Says Vague Privacy Policies and Lack of Terms a Problem”

Do you know where your data is? According to the Federal Trade Commission, the answer is “no.”

The agency wants Congress to intervene against data brokers – companies that collect personal information and resell it, mainly for marketing purposes. The FTC released a report on Tuesday of the top nine data brokers in the US and how most Americans don’t know that their personal information is being collected.

According to the Chronicle of Data Protection,

the FTC states that consumers may benefit from increased transparency into the operations of data brokers. It notes that data brokers collect and store billions of data elements covering nearly every U.S. consumer, in many cases without consumers’ knowledge. The FTC recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the handling of their information by data brokers.

The data collected by firms like Acxiom, Datalogix and Corelogic range from the innocent (what sports you follow) to the personal (health and financial information) and everything in between (what kind of car you drive and general shopping habits).

double red triangle arrows Continue reading “Data Brokers Know Far More About Consumers Than Consumers About Them, Says FTC”

I had today’s column dealing with confidentiality provisions all set to go. However, given the Baylor Law School fiasco, I changed topics to another very contentious issue in business-to-business terms and conditions negotiations: data security. I will take some liberties with the factual scenario of the Baylor data release in order to make the issue more relevant to those of us in-house.

Let’s assume that instead of an employee of Baylor’s admissions office allegedly being responsible for the data release, it was an outside contractor who had been hired to perform data collection for Baylor. Let’s further assume that the contractor acted negligently in releasing the information. Finally, let’s assume that Baylor’s legal counsel vetted the Agreement and Statement of Work (“SOW”) between Baylor and the contractor, and included a data security provision. What should happen now that prospective students’ personal information, including LSAT scores and GPA, are in the public domain? I would begin by stanching the bleeding and assessing the damage….

double red triangle arrows Continue reading “House Rules: Data Security”