Right to be Forgotten - Casting a Wider Net

The Article 29 Working Party (WP29) has published, in its document WP 225, Guidelines on the Implementation of the Court of Justice of the European Union (CJEU) Judgment on Google Spain and Inc. v. Agencia Espanola de Proteccion de Datos (AEPD) and Mario Costeja Gonzalez C-131/12 (Guidelines) to provide its interpretation of the CJEU’s ruling, and identify the criteria that will be used by the EU/EEA Member States Data Protection Authorities when addressing complaints from individuals following a denial of de-listing requests. Read more

TinyCo and Yelp settle COPPA Violation

The Federal Trade Commission has announced proposed settlements with TinyCo and Yelp to conclude enforcement actions alleging violation of the COPPA Rule. TinyCo has agreed to pay a $300,000 civil penalty, and Yelp, to pay a $450,000 civil penalty. Read more

$800,000 Fine for Failure to Protect Paper Records

HIPAA covered entities that may have focused their efforts and budget on electronic health records should pay proper attention to the protection of paper health records if they want to avoid an HHS investigation and an $800,000 fine. Read more

White House Big Data Report

Big data tools offer astonishing and powerful opportunities to unlock previously inaccessible insights from new and existing data sets. Large amounts of data are being processed through new techniques and technologies, dissecting the digital footprints individuals leave behind, and revealing a surprising number of personal details. As a result, big data analytics have the potential to eclipse longstanding civil rights protections... Read more

Feb 26 Program: Trust in the Cloud

  Don't miss our exciting program "Trust in the Cloud: How are you Protecting your Customers' Data?" to be held on Wednesday, February 26, 2014 from 8:15am to 12:00pm at the PLI Conference Center at 685 Market Street, San Francisco, CA. Business is based on trust. In the cloud, to deserve the trust of its customers and others, a company must... Read more

New Disclosures Required under Cal. AB 370

At the end of September 2013, California’s governor, Jerry Brown, signed into law a series of bills that will significantly alter California’s privacy landscape, and are likely to affect, as well, the remainder of the United States. Among these bills, California’s Assembly Bill AB 370, sponsored by the California State Attorney General, becomes effective as of January 1, 2014. Read more

Draft EU Privacy Regulation Amendments Approved

The European Union Committee on Civil Liberties, Justice, and Home Affairs, also known as the “LIBE Committee,” approved amendments to the draft of the EU Data Protection Regulation on October 21, 2013. The good news is that the “right to be forgotten” has been replaced with a “right of erasure” which is more narrowly phrased. Read more

Use of Cloud Computing in a Law Office

Attorneys and law firms are increasingly interested in taking advantage of the proliferation of cloud computing services in their law practice. For example, they might wish to use web-based email to interact with their clients, or subscribe to customer relationship management (CRM) services that are offered as Software as a Service (SaaS) to manage their customer and prospect lists. They may... Read more

Hot Issues in Data Privacy and Security

Data privacy and security issues, laws and regulations are published, modified and superseded at a rapid pace around the world. The past ten years, in particular, have seen a significant uptake in the number of laws and regulations that address data privacy or security on all continents. On March 1, 2013, a program held at Santa Clara University’s Markkula Center... Read more

Foreign Laws on Government Access to Data

Companies and individuals who upload their files in the cloud often ask (or should ask) the question: "Where are my files and who can have access to them?" In a prior article, we analyzed the laws that regulate US government access to data. In this article we will review their equivalent in three countries on three continents. What may be surprising... Read more

Laws Regulating Government Access to Cloud Data

A program sponsored by Box and the Cloud Security Alliance, and held in conjunction with the RSA San Francisco 2013 Conference, featured European and North American attorneys specializing in information privacy and information security, and members of the Lexing Network, in a discussion of the laws that regulate government access to cloud data.  Read more

562-page HIPAA/HITECH Final Rule Published

A 562-page, unofficial version of the final HIPAA / HITECH Rule was posted today. The final version of the document (“the 2013 Rule”) is scheduled to be published on January 25, 2013 at http://federalregister.gov/a/2013-01073. This 2013 Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Read more

New FTC COPPA Rule will better protect 21st century children

The Federal Trade Commission's final updated COPPA Rule, published this morning (December 19, 2012), brings child protection online to the 21st century. While most of the high-level requirements, which stem directly from the Child Online Privacy Protection Act (COPPA), remain unchanged, the updated Rule contains references to modern technologies such as geolocation, plug-ins and mobile apps, and modern methods of financing websites,... Read more

USA Patriot Act Effect on Cloud Computing Services

Recent reports and press articles, with attention grabbing headlines, have expressed concern, and at times asserted, that the U.S. government has the unfettered ability to obtain access to data stored outside the United States by U.S. cloud service providers or their foreign subsidiaries. They point to the USA PATRIOT Act (“Patriot Act”) as the magic wand that allows U.S. law... Read more

Compete web analytics under FTC supervision for 20 years

The Federal Trade Commission has published a proposed settlement with Compete, Inc., a web analytics company, for violation of Section 5 of the FTC Act in connection with its collection, use, and lack of protection of personal information (including some highly sensitive information). Compete uses tracking software to collect data on the browsing behavior of millions of consumers. Read more

FTC v. Google 2012 - Misrepresentation of Compliance with NAI Code a Key Element

Google was hit by a $22.5 million penalty as a result of an investigation by the Federal Trade Commission covering Google’s practices with users of the Safari browser. A very interesting aspect of this new case against Google (Google 2) is that it raises the issue of Google’s violation of the Self-Regulatory Code of Conduct of the Network Advertising Initiative... Read more

Article 29 Working Party’s Opinion on Cloud Computing: A Threat for the Industry?

In its Opinion 05/2012 on Cloud Computing published as document WP 196 in early July 2012, the Article 29 Working Party identifies the data protection risks that are likely to result from the use of cloud computing services, such as the lack of control over personal data and lack of information about how, where and by whom the data are being processed... Read more

Proposed EU Data Protection Regulation – January 25, 2012 Draft: What US Companies Need to Know

If the vision of Ms. Reding, Vice-President of the European Commission, as expressed in the January 25, 2012 data protection package is implemented in a form substantially similar to that which was presented in the package, by 2015, the European Union will be operating under a single data protection law that applies directly to all entities and individuals in the... Read more

Proposed EU Data Protection Regulation – November 29, 2011 Draft

Note: This article is superseded by the more recent Proposed EU Data Protection Regulation – January 25, 2012 Draft: What US Companies Need to Know. The European Commission has just published drafts of the two documents that will form the new legal framework for the protection of personal data throughout the European Economic Area. The draft documents are intended to provide a... Read more

New EU Directive on Consumer Rights Affects Website Terms

In late October 2011, the European Council of Ministers formally adopted the new EU Consumer Rights Directive. The new Directive will drastically affect the rules that apply to online shopping. Numerous provisions will also apply to both the online and the offline markets. Scope of the Consumer Rights Directive: The Directive is intended to protect “consumers,” i.e., all natural persons who are acting... Read more

Child Social Networking Site Settles with FTC

While the COPPA Rule is going through a facelift – a final draft is expected to be published in 2012 - the FTC continues its enforcement actions against websites with lax COPPA practices. On November 8, 2011, the FTC announced a proposed settlement with the social networking site, www.skidekids.com, which collected personal information from children without obtaining prior parental consent,... Read more

How to Build a Winning Privacy Program

Many companies post on their websites a statement indicating that they care about the privacy of their customers or users, and then describe in general terms their policies with respect to certain categories of personal information. The golden rule for these privacy statements is “Say what you do, and do what you say you do.” Let’s assume that the company... Read more

Compliance By Design

How to build cloud applications that anticipate your customers' legal constraints? To succeed and gain market share, developers of cloud services and cloud-based applications must take into account the compliance needs of their prospective customers. For example, a cloud that offers services to the health profession must anticipate that its customers are required to comply with HIPAA, the HITECH Act, and... Read more

FTC Proposes Changes to COPPA Rule

On September 15, 2011, the Federal Trade Commission published for comments its proposed amendment to the current COPPA Rule, which is codified as 16 CFR Part 312. This proposed amendment is based on the information and comments collected during several public round tables and other consultations with the public and stakeholders in 2010. The text of the Proposed Amendment... Read more

Peru Adopts New Data Protection Law

On July 2, 2011, Peru adopted its first “Law on the Protection of Personal Data.” The law was published in the country’s official gazette of July 3, 2011 as Law No. 29733. Inspired by the Spanish data protection law and the APEC Privacy Framework, this new law is intended to bring Peru to a level of data protection that... Read more

Hot issues in Privacy & Security

Top ten list of issues presented by Francoise Gilbert as part of her Conference Chair address, at the PLI Privacy & Security Conference in San Francisco, May 23-24, 2011. Read more

New UK Cookie Rule Tough to Swallow

The United Kingdom’s Information Commissioner’s Office (ICO) has published an “advice” that explains the new rule for the use of cookie technologies for websites and mobile applications that are subject to the UK laws. As of May 26, 2011, companies will no longer be permitted to rely on consent implied from browser settings. They must obtain the user’s prior affirmative... Read more

Failure to Protect against SQL Injection Attack deemed an “Unfair Practice”

A proposed Federal Trade Commission consent order applicable to Ceridian Corporation establishes that failure to protect against potential SQL injection attacks is an “unfair practice” actionable under Section 5 of the FTC Act. Despite representations that it maintained “worry-free safety and reliability” and that it had a security program designed in accordance with the ISO 27000 standard, the company’s security... Read more

More Changes in the EU Data Protection Regime - 2006 Data Retention Directive to be Amended

The European Commission has announced that it plans to amend the 2006 Data Retention Directive, Directive 2006/24/EC. This Directive states that the national laws of the EU Member States must require providers of publicly available electronic communications services and public communications networks to retain traffic and location data for a period between six months and two years, in order to allow... Read more

Privacy Laws may be a Barrier to the Taking of Evidence Abroad

Litigation and trials are handled in the United States in a manner that is significantly different from that which prevails in other countries. While broad discovery is available here, the gathering and use of evidence is much more limited abroad. For years, there have been disputes between US litigants and the foreign parties who were requested to produce information and... Read more

Server Location: A Significant Factor in Cloud Computing Services

In a cloud computing environment, data and applications are hosted "in the cloud." What that cloud is made of, and where its components are located, matters. However, ask a cloud service vendor where your data will be stored or processed, and the typical answers will likely range from "well... hum ... in the cloud" to "we have servers everywhere, data moves... Read more

How to Conquer Cloud Computing Contracts - Part 2

Cloud service relationships are very complex. Numerous important issues are at stake. In many cases, the use of cloud services may jeopardize an entity’s ability to comply with the numerous laws to which it is subject. In addition, even if there are no specific legal compliance requirements, sensitive data and significant intangible assets might be at risk. Thus, before venturing... Read more

How to Conquer Cloud Computing Contracts - Part 1

The characteristics of cloud computing -- on-demand self-service, elasticity, metered service or ubiquitous access -- make it look like a simple and casual operation. Easy to get in, easy to get out, easy to augment, and easy to shrink; just pay with your credit card. Attractive pricing structures are often justified by presenting cloud solutions as a “one-size-fits-all” product where... Read more

CNIL Exempts Foreign Based Companies From Filing Notifications With Respect to Certain Processing

A “Deliberation” of the CNIL (French Data Protection Authority) published in the February 16, 2011 Official Journal of the Republic of France as “Deliberation No. 2011-023” should ease the burden on companies that have no operations in France, and engage France-based subcontractors (or cloud service providers) in order to process their data on the French territory. This is the case,... Read more

Israel Data Protection Law found to provide "adequate protection"

In a decision made public on February 1, 2011, the European Commission has determined that the data protection regime in Israel is adequate under the 1995 EU Data Protection Directive. The adequacy determination applies only to data in automated databases. The data protection law of Israel does not apply to data in manual databases. Thus, for these data,... Read more

Department of Commerce Publishes Green Paper on Privacy

On December 16, 2010, the Department of Commerce released its Internet Policy Task Force Privacy Green Paper, which details recommendations on the protection of consumer privacy online.  Titled “Commercial Data Privacy and Innovation in the Internet Economy:  A Dynamic Policy Framework”, the Report provides a set of recommendations to strengthen data privacy while protecting innovation, job creation, and economic growth. The... Read more

FTC’s Privacy Framework: Similarities with EU Privacy Directives

On December 1, the FTC issued its long awaited report in which it outlines a Proposed Framework for businesses and policy makers for the protection of personal data. The Proposed Framework would reach a broad range of commercial entities, both online and offline, that collect, maintain, share, or use consumer data. The protection would apply not only to what has... Read more

FTC’s Proposed Privacy Framework: More Obligations for US Businesses?

In its long awaited report on privacy protection, which was published on December 1, 2010, the Federal Trade Commission outlines a Proposed Privacy Framework for businesses and policy makers. The Proposed Framework would focus on the collection, maintenance, sharing, or use by commercial entities of consumer personally identifiable information, online and offline. “Personally identifiable information” is defined as data that... Read more

Proposed Changes to the EU Data Directives: What Consequences for Businesses?

The European Commission has determined that the privacy and data protection framework applicable throughout the European Union must be revised in order to adapt the current rules to the rapid technological changes that have dramatically modified the way individuals live and companies operate. Communication COM (2010) 609, published on November 4, 2010, summarizes the goals that the European Commission has... Read more

Department of Energy’s Report on Data Access and Privacy Issues Related to Smart Grid Technologies

On October 5, 2010, the US Department of Energy (DoE) issued two important reports that outline recommendations for the use of Smart Grid technologies.  One of the reports focuses on the protection of personal data that will be collected through Smart Grid meters, the other addresses communications requirements.  Both reports were issued after consultation with the utilities, consumer advocates,... Read more

When Will Your CEO’s Social Media Postings End-Up in a Court Room?

Social networks such as Facebook and MySpace allow members to create an online profile that may be accessed by other members. Some social networks have privacy controls that allow members to choose who can view their profiles or contact them. Others do not require pre-approval to gain access to a member’s profiles. These materials are an easy target for trial or... Read more

Google Engineer Fired for Accessing User Accounts

Google fired a software engineer because he allegedly took advantage of his position as a member of an elite technical group at the company to access user accounts in violation of the company policy.  Accounts accessed included those of four minors whom he had encountered through a technology group, according to reports by CNN and Gawker. While there is no allegation of... Read more

No Attorney Client Privilege for In-house Lawyers Under EU Law

On September 14, 2010 the European Court of Justice (ECJ) confirmed that there is no attorney-client privilege under EU law for communications with in-house counsel when a company is under investigation by the European Commission. In its ruling in the case of Akzo Nobel Chemicals Ltd and Akcros Chemicals Ltd v European Commission, the European Court of Justice affirmed a prior decision... Read more

Mexico’s New Federal Law on the Protection of Personal Data

Mexico’s new Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Federal Law on the Protection of Personal Data Possessed by Private Persons) became effective on July 6, 2010. The Law is “of public order,” which means that contract provisions that conflict with it are unenforceable. The Federal Institute... Read more

Lessons from FTC v. Twitter

Security is not just for credit card and social security numbers. The proliferation of security breach disclosure laws has brought companies’ attention to the need to protect financial information, social security, and driver's license numbers. Since most of these laws target only these categories of data, and most state laws that require the use of security measures also have focused on these... Read more

Of Cookies and Spam

What's Cookin' in the European Union? The European Union Member States will soon change the rules that apply to cookies and unsolicited messages. Recent amendments to the ePrivacy Directive require the Member States to implement new restrictions in their national laws by June 2011. These changes are likely to significantly affect the procedures and processes used for marketing in, or with,... Read more

Location Information in Consumer Contracts

The use of location-based services by consumers, such as for the provision of directions, traffic information, or mapping to locate nearby stores, should be subject to terms and conditions that address the quality of the service, and the reliability of the data. In addition, the contract should address the privacy concerns of the customer. The collection, use and sharing of... Read more

Remaining in Safe Waters

How to Ensure Continued Compliance with The Safe Harbor Requirements. The Safe Harbor created by the US Department of Commerce and the European Commission provides a convenient way for US companies with limited global transactions to address the “adequacy” requirement under the national laws of the European Union Member States. Being self-certified under the US Department of Commerce Safe Harbor allows them... Read more

What Limits for Behavioral Targeting

An individual uses a travel site to check hotels in New York, but does not book any hotel room. Later the individual visits the website of a local newspaper to read about the Chicago Cubs baseball team. While on the newspaper’s website, the individual is served an advertisement from an airline featuring flights from Chicago to New York. The method... Read more

HIPAA Security Rule

On February 20, 2003, the U.S. Department of Health and Human Services (HHS) published the final draft of the new National Standards for Safeguards to Protect Personal Health Information that is maintained or transmitted electronically ("Security Rule"). Required as part of the administrative simplification provisions included in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), these standards are... Read more

Information Privacy And Security Current And Emerging Issues In The United States

Not so long ago, the Internet was a separate world. We distinguished e-commerce and other activities in “cyberspace” from those that were conducted in the brick and mortar world. Today, most companies are exploiting at the same time, and to the fullest extent possible, all of the vast resources that are available through the Internet, the World Wide Web and otherwise. Concurrent... Read more

Firm Profile

The IT Law Group is a law firm focusing on Information Privacy & Security at the domestic and global level. Our Practice Areas encompass a wide range of matters, from behavioral targeting to breach of security, and cloud computing to cross border data transfers. Most of our clients are national or global companies. From Fortune 500 companies to emerging enterprises, our clients are power users of personal data and information technology. We have been ranked as leaders in the data privacy and security field by the prestigious Chambers, Best Lawyers in America, and Who’s Who Legal.

The Global Privacy and Security Law Reference

by Francoise Gilbert

Available from Aspen Publishing

Ratings

Chambers USA 2014 LI (Chambers and Partners)

Who's Who Legal: Technology, Media and Telecommunications 2015

Best Lawyers in America 2015

Best Lawyers in America LOTY

Chambers Global 2014 FG (Chambers and Partners)

Chambers USA 2013 FG (Chambers and Partners)

Silicon Valley Office

  555 Bryant Street, #603
Palo Alto, CA 94301
USA
  +1 (650) 328-1800