Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that new regulations and orders introduced by Israel's Ministers Committee for Biometric Applications set the ground for a two-year biometric IDs issuance trial period. The Ministry of Home Affairs is making final preparations to start issuing the IDs that will contain encoded fingerprints and facial image, and will be stored in a national database. A campaign led by privacy activists against the controversial biometric database has failed to yield a positive result so far.
It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country's data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.
On August 18, 2011, the Associate General Counsel of the National Labor Relations Board ("NLRB" or the "Board") issued a report analyzing the Board's recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests.
Banks and other financial institutions face unique issues when it comes to the use of social media. Faced with conflicts between social media platform rules, customer expectations, self-regulatory standards, and the strict regulations that govern the industry, guidance has been needed. The industry received some of that guidance recently through a whitepaper issued by BITS, the technology arm of The Financial Services Roundtable whose members are 100 of the largest financial institutions in the U.S.The report addresses the compliance, legal, operational, and reputational risks - and related mitigation strategies - of using social media in connection with a financial or banking operation. Regarding compliance, the report discusses the myriad of compliance areas relevant to banks, including marketing, privacy and security. For example, because social media web sites and web activities are deemed advertising by regulators, the report warns of the risks of failing to comply with various marketing laws and regulations applicable to the banking industry, including state Unfair and Deceptive Acts or Practices Acts and Prize and Gift Acts, as well as others that require additional steps for financial institutions, such as Truth in Lending, Truth in Savings, and FDIC membership rules. The paper predicts even stronger and more subjective requirements to come under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Risks of non-compliance vary widely - from litigation and reputation risk, regulatory enforcement actions and in some cases civil money penalties.
On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.
Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.
The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.
InfoLawGroup LLP is delighted to welcome to the firm partners Justine Young Gottshall and Jamie Rubin. Gottshall and Rubin are former partners at Wildman, Harrold Allen & Dixon in Chicago. As nationally-recognized leaders in Digital, Media, Advertising, Privacy and Promotions law, they bring new depth to InfoLawGroup's practice.
We previously reported on our blog that a Connecticut ambulance company settled the National Labor Relations Board's (NLRB's) allegations that the company violated an employee's federal rights by firing her for criticizing a manager on Facebook. The NLRB continues its enforcement blitz with another Facebook firing complaint.
On May 16, 2011, EU's Article 29 Working Party (WP29) adopted an opinion setting out privacy compliance guidance for mobile geolocation services.WP29 is comprised of representatives from the EU member states' data protection authorities (DPAs), the European Data Protection Supervisor and the European Commission. WP29's mandate includes (i) giving expert advice to the EU member states regarding the implementation of European data protection directives, and (ii) promoting uniform implementation of the directives in all EU state members as well as in Norway, Liechtenstein and Iceland. WP29's opinions, therefore, carry significant weight in the interpretation and enforcement of data protection laws by European DPAs. Not surprisingly, WP29 has concluded that geolocation data is "personal data" subject to the protections of the European data protection framework, including the EU Data Protection Directive 95/46/EC. The Working Party also determined that the collection, use and other processing of geolocation data through mobile devices generally requires explicit, informed consent of the individual. Below are the highlights of the opinion.