In recent months, two high-profile cases involving Hulu and Netflix have raised questions regarding the scope and application of the Video Privacy Protection Act (“VPPA”), a federal privacy law that has been the focus of increasing attention over the past few years. In the Hulu case, Hulu users claimed that the subscription-based video streaming service disclosed their viewing history to third parties ...
Florida transportation officials and the private sector have fine-tuned a financing structure that allows the state to use private-sector financing to advance projects to build roads and bridges and fulfill other essential infrastructure needs. The timing is right. The infrastructure of Florida, like the rest of America, is in critical need of maintenance and overhaul ...
In Sir Arthur Conan Doyle’s short story Silver Blaze, Sherlock Holmes noticed that the guard dog for a famous racehorse did not bark on the night that the horse disappeared and its trainer was found murdered on the moor. 1. Holmes correctly deduced from this that the dog must have known the killer. 2 Inspector Gregory of Scotland Yard overlooked the same clue when he earlier accused a stranger of the murder ...
Introduction Title and date of national law The Act on the protection of privacy in relation to the processing of personal data of December 8,1992 (the 'Data Protection Act' or 'DPA') and its Royal Decree of February 13, 2001. Relation with international instruments The DPA implements EU Directive 95/46/EC on the protection of individuals regarding the processing of personal data and the free movement of such data ...
On September 17, 2012, the Department of Health and Human Services (“HHS”) announced a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (“MEEI”) for potential violations of the HIPAA Security Rule ...
We live in a society that is obsessed with appearance, and studies show that many people equate appearance to success. While employers may not be aware of these studies, some are trying to control appearance in the workplace by imposing weight restrictions on job applicants or employees as a condition of employment.Whether these policies are permissible can only be answered with a “maybe ...
Much has already been written on the proposed EU Data Protection Regulation, but there has been very little focus on the fundamental changes to the responsibilities and liabilities that the Regulation seeks to impose on data processors ...
Over the course of 2012, on at least three occasions the Federal Circuit has found anticipation in a situation in which previously the invention would have merely been viewed as obvious:(1) where the prior art merely proposes the steps of the method, without knowledge of whether those method steps will achieve any result, much less the result claimed in the therapeutic method; (2) where the prior art discloses a broader range without providing a “pattern of preference” for a later-claimed narrow
The State of North Carolina recently put into place policies to help encourage brownfields redevelopment. These policies respond to cuts in federal funding to states for brownfields programs while encouraging brownfield redevelopment projects. Though fees for the development of brownfield agreements have increased, programs have been developed to aid the marketing of brownfield properties in an effort to help fast track brownfield projects ...
The Information Commissioner's Office (ICO) recently fined an organisation £250,000 fter its outsourcing vendor carelessly dumped confidential financial data in ublic recycling bins. This incident provides a stark reminder to organisationsthat they remain legally responsible for personal data, even where they utsource data processing activities to third parties ...
On Aug. 31, 2012, the United States Court of Appeals for the Second Circuit issued its decision in In re Charter Communications Inc., (2d Cir. Aug. 31, 2012), expressly adopting an abuse of discretion standard for reviewing equitable mootness determinations ...
The law holds trustees, like any other fiduciary, to a particularly stringent standard of care. As the famed Judge Benjamin Cardozo wrote in 1928, “A trustee is held to something stricter than the morals of the market place. Not honestly alone, but the punctilio of an honor the most sensitive . . ...
On October 26, 2012, three resolutions were adopted by the closed session of the 34th International Conference of Data Protection and Privacy Commissioners and have been published on the conference website. Below we provide an overview of these resolutions ...
On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint, the FTC maintained that PLS Financial Services, Inc ...
On October 29, 2012, the UK Information Commissioner’s Office (“ICO”) served private sector financial services company The Prudential Assurance Company Limited (“Prudential”) with a monetary penalty of £50,000 in connection with a serious violation of the Data Protection Act 1998 (“DPA”). The violation concerned a mix-up involving Prudential customer details ...
Reporting from Washington, D.C., Hunton & Williams partner Frederick Eames writes: Elections have consequences. What are the consequences of the 2012 election on U.S. federal privacy, data security and breach notice legislation? We outline some key developments in the U.S. House of Representatives and Senate and explain how these developments might affect legislative priorities and prospects for the 113th Congress beginning in 2013.U.S. House of RepresentativesThree committees in the U ...
Bloomberg Law’s Lee Pacchia interviewed Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, to discuss the recent data security incident involving Barnes & Noble stores. Sotto discussed life in the modern world of technology where there is an increased risk of data security incidents, and many companies only reach out to counsel after a data breach occurs ...
On October 30, 2012, the U.S. District Court for the Southern District of California ruled that an opt-out confirmation text sent by Citibank (South Dakota), N.A. (“Citibank”) did not violate the Telephone Consumer Protection Act (“TCPA”). Under a “common sense” interpretation, the court determined that Citibank’s opt-out text does not demonstrate the type of invasion of privacy the TCPA seeks to prevent ...
On November 10, 2012, the German working group on technical and organizational data protection matters published guidelines (in German) on the technical and organizational separation requirements for automated data processing on shared IT systems (the “Guidelines”). The working group is part of the Conference of the German Data Protection Commissioners, which recently concluded its 84th Conference in Frankfurt (Oder) ...
On November 9, 2012, a federal District Court in Washington certified a national class and a Washington state sub-class in an action alleging that Papa John’s International, Inc. (“Papa John’s”) violated the Telephone Consumer Protection Act (“TCPA”) by sending unsolicited text messages advertising its pizza products. The court determined that plaintiffs had standing and satisfied all other requirements for class certification ...
On November 20, 2012, the UK Information Commissioner’s Office (“ICO”) published “Anonymisation: Managing Data Protection Risk Code of Practice” (the “Code”). The purpose of the Code is to provide organizations with a framework for assessing the risks of anonymization ...
On November 13-15, 2012, delegates at the IAPP Europe Data Protection Congress in Brussels were given insight into how discussions with key policymakers are progressing. As European Parliament rapporteur and Member of the European Parliament Jan Philipp Albrecht aims to finalize the reform of the EU Data Protection Directive by the end of the current European Parliament’s mandate in 2014, this ambitious goal faces numerous hurdles ...
In late October 2012, California Attorney General Kamala D. Harris began sending letters to approximately 100 mobile app operators, informing them that they are not in compliance with the California Online Privacy Protection Act (“CalOPPA”) ...
On November 26, 2012, the Department of Health and Human Services’ Office of Civil Rights (“OCR”) published guidance on the two methods for de-identifying protected health information (“PHI”) in accordance with the HIPAA Privacy Rule ...
On November 19, 2012, 40 German advertising associations launched the “German Data Protection Council for Online Advertising,” a new initiative to coordinate and enforce self-regulation in the German online behavioral advertising (“OBA”) sector. The initiative is linked to the European Interactive Digital Advertising Alliance (“EDAA”), which manages the self-regulation efforts of the European online advertising industry ...