Data Security

Ed note: This post originally appeared on Reed Smith’s Global Regulatory Enforcement Law Blog.

In July 2014, the High Court (the ‘Court’) considered for the first time the implications of the landmark decision in Google Spain, when delivering an interim judgment in the case of Hegglin v Persons Unknown [2014] EWHC 2808 (the ‘Judgment’).

Mr Hegglin (the ‘Claimant’), a businessman who lived in London but now resides in Hong Kong, sought the removal of a number of abusive and defamatory allegations about him that had been posted on various websites by unknown persons. Google was a defendant in the case because portions of the offensive material appeared in search results, and because Mr Hegglin asked the court to order that the identities of the anonymous posters be disclosed to him.

Continue reading “UK High Court Considers Implications Of The Google Spain Case For The First Time”

Ed note: This post originally appeared on InfoLawGroup.

In a recently reported study released by the Global Privacy Enforcement Network (“GPEN”), the GPEN found that a testing sample of 1,211 mobile apps accessed during May of this year failed to provide users with adequate privacy protections under current regulatory provisions in the United States and in other countries. The GPEN is a coalition of privacy officials from 19 countries, including the United States Federal Trade Commission (“FTC”).

The GPEN report concluded that 60% of mobile apps accessed raised significant privacy concerns based on the following criteria:

Continue reading “Recent International Study Reports Delinquencies in App Privacy Disclosures”


Ed note: This post originally appeared on Global Regulatory Enforcement Law Blog.

Seemingly every day, new types of wearable devices are popping up on the market. Google Glass, Samsung’s Gear, Fitbit (a fitness and activity tracker), Pulse (a fitness tracker that measures heart rate and blood oxygen), and Narrative (a wearable, automatic camera) are just a few of the more popular “wearables” currently on the market, not to mention Apple’s “iWatch,” rumored to be released later this year. In addition, medical devices are becoming increasingly advanced in their ability to collect and track patient behavior.

Continue reading “Wearable Device Privacy – A Legislative Priority?”


Ed note: This post originally appeared on InfoLawGroup.

Last week, the FTC released a study it conducted in connection with price-comparison apps, deal apps and apps that allow people to pay for purchases using their mobile device while shopping in brick-and-mortar stores. The newly released study is the latest commentary from the FTC in a long line of workshops and reports that started in 2012 on the issue of mobile apps, mobile payment mechanisms and related matters, such as mobile cramming and mobile security. Here are the key takeaways from the latest study:

Continue reading “Mobile Apps: FTC Says Vague Privacy Policies and Lack of Terms a Problem”

Do you know where your data is? According to the Federal Trade Commission, the answer is “no.”

The agency wants Congress to intervene against data brokers – companies that collect personal information and resell it, mainly for marketing purposes. On Tuesday, the FTC released a report on the top nine data brokers in the US and on how most Americans don’t know that their personal information is being collected.

According to the Chronicle of Data Protection,

the FTC states that consumers may benefit from increased transparency into the operations of data brokers. It notes that data brokers collect and store billions of data elements covering nearly every U.S. consumer, in many cases without consumers’ knowledge. The FTC recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the handling of their information by data brokers.

The data collected by firms like Acxiom, Datalogix and Corelogic range from the innocent (what sports you follow) to the personal (health and financial information) and everything in between (what kind of car you drive and general shopping habits).

Continue reading “Data Brokers Know Far More About Consumers Than Consumers About Them, Says FTC”

I had today’s column dealing with confidentiality provisions all set to go. However, given the Baylor Law School fiasco, I changed topics to another very contentious issue in business-to-business terms and conditions negotiations: data security. I will take some liberties with the factual scenario of the Baylor data release in order to make the issue more relevant to those of us in-house.

Let’s assume that instead of an employee of Baylor’s admissions office allegedly being responsible for the data release, it was an outside contractor who had been hired to perform data collection for Baylor. Let’s further assume that the contractor acted negligently in releasing the information. Finally, let’s assume that Baylor’s legal counsel vetted the Agreement and Statement of Work (“SOW”) between Baylor and the contractor, and included a data security provision. What should happen now that prospective students’ personal information, including LSAT scores and GPA, is in the public domain? I would begin by stanching the bleeding and assessing the damage….

Continue reading “House Rules: Data Security”