| FTC Call for Presentations at January 2016 PrivacyCon |
| The Federal Trade Commission (FTC) recently announced that it will be hosting a conference January 14, 2016, to discuss new trends and research surrounding protections of consumer privacy and data security. The FTC’s goal is to “bring together leading stakeholders, including whitehat researchers, academics, industry… |
| |
| |
| DAA Has App-Based Choice Mechanism, Mobile Enforcement to Begin September 1, 2015 |
| The Council of Better Business Bureaus and the Direct Marketing Association have announced that on September 1, 2015, they will begin enforcing the Digital Advertising Alliance’s “Application of Self-Regulatory Principles to the Mobile Environment.” As we previously reported, if you are a first party who has an app that… |
| |
| |
| FTC Announces Winner of Robocall Blocking Contest |
| The Federal Trade Commission (FTC) recently announced that a solution called “RoboKiller” won the FTC’s Robocalls: Humanity Strikes Back contest for building a mobile app that blocks and forwards robocalls to a crowd-sourced honeypot. A “honeypot” is an information system that may be used by government, private… |
| |
| |
| Clarification on Russia’s New Data Localization Laws |
| The Russian Ministry of Communications and Mass Media recently provided further information regarding Russia’s data localization law that is set to take effect on September 1, 2015. The data localization law generally requires companies to store all personal data of Russian citizens in databases located inside Russia.… |
| |
| |
| Poland Updates Data Protection Laws |
| New data protection rules in Poland impose audit obligations on data controllers who have appointed information security officers and those information security officers themselves. However, it is unclear whether data controllers who have not appointed information security officers fall under the new rules or if companies… |
| |
| |
| CNIL Releases Guides Regarding Privacy Impact Assessments |
| In anticipation of the forthcoming General Data Protection Regulation, the French data protection authority (the “CNIL”) published two Privacy Impact Assessment Guides. The guides are a follow-up to the CNIL’s 2010 and 2012 security publications. The first concerns the methods to be adopted by data controllers in conducting… |
| |
| |
| Court Affirms Insurance Coverage in FCRA Suit for Willful Damages |
| In companion rulings, a New York court rejected Navigators Insurance Company’s arguments that it had no obligation to defend or indemnify its insureds for putative class actions alleging violations of the Fair Credit Reporting Act (FCRA). While Navigators’ errors and omissions policy covered liability for compensatory… |
| |
| |
| Russia’s Right to Be Forgotten Law Effective January 2016 |
| Vladimir Putin recently authorized a “right to be forgotten” law that goes into effect January 1, 2016. The law (Federal Law No. 264-FZ) sets forth a procedure of communications between operators of search engines and those who wish certain data be removed. It requires operators of search engines to remove links to personal… |
| |
| |
| South Korea Introduces Punitive Damages Resulting from Data Breach |
| South Korea amended its Personal Information Protection Act last month by adding punitive and statutory damages to the statute. The amendment will become effective in July 2016 and will allow Korean courts to award punitive damages of up to three times the actual damage from the “loss, theft, leakage, forgery… |
| |
| |
| Neiman Marcus Disagrees with Seventh Circuit over Harm in Breach Case |
| The Seventh Circuit recently reversed the dismissal of a lawsuit brought against Neiman Marcus after it suffered a data breach, finding that the risk of harm to the 350,000 people whose credit card numbers were exposed was “very real and immediate.” In support of its conclusion, the court noted that 9,200 cards had already been… |
| |
| |
| Bavarian Regulator Fines Retailers for PII Transfer in Corporate Sale |
| The German state of Bavaria’s local privacy regulator (BayLDA) recently fined two online retailers for unlawfully transferring customer email addresses as part of separate sales of each companies’ assets. According to the regulator, transferring such information requires prior customer consent or, in the alternative, informing… |
| |
| |
| France’s CNIL Issues Warnings to French Dating Sites |
| Thirteen dating websites in France – including several targeted to specific demographics (leftists, food lovers) – received warnings from the French data protection authority, CNIL. According to the CNIL, the sites collected sensitive personal information such as religious convictions, ethnic origin, and political opinions without … |
