April 16, 2014
The Federal Trade Commission (FTC) has recently announced settlements with both Fandango and Credit Karma, whose smartphone apps contained the same critical security flaw: a failure to validate Secure Socket Layer (SSL) certificates, one of the most basic and well-established security practices out there. To help businesses and practitioners minimize their own regulatory surprises, the IAPP Westin Research Center has compiled an in-depth overview of the cases.
April 15, 2014
Gerry Stegmaier, CIPP/US, a longtime lawyer in the privacy space and current member of the IAPP Education Advisory Board, has moved from Wilson Sonsini Goodrich & Rosati to join the privacy practice at Goodwin Procter. “It means about 15 minutes more commuting time each way,” he joked, “further into the heart of DC, right across from the Renaissance Hotel,” which should be familiar to those who attended early versions of the IAPP Global Privacy Summit. Publications Director Sam Pfeifle talks with Stegmaier about what triggered the move, where the industry is headed in the next five years and why it’s a good time to be a privacy professional.
April 9, 2014
If anyone was having a case of the Mondays this week it was Wyndham Hotels and Resorts, after a District Court of New Jersey judge denied the company’s motion to dismiss a Federal Trade Commission (FTC) lawsuit alleging Wyndham violated Section 5 of the FTC Act. Some say it’s a landmark decision that emboldens the FTC’s authority as a de facto privacy regulator and could even thwart national privacy legislation, while others say the decision simply gives the FTC the power to regulate concepts that aren’t well defined, as they haven’t been proscribed succinctly for companies aiming to comply with rules effectively created piecemeal via FTC consent decrees. In this exclusive, Angelique Carson, CIPP/US, rounds up reaction from industry, academia and activists regarding a case that may be closer to the starting line than the finish line.
April 9, 2014
With their respective keynote addresses at the inaugural IAPP Asia Privacy Forum, Hong Kong DPA Allan Chiang and Singapore Personal Data Protection Commission member Aileen Chia sent a cohesive message: Those companies making a good faith and concerted effort to respect their customers’ privacy have nothing to fear from regulators.
April 8, 2014
In what many are calling an important ruling, a federal court in New Jersey has shot down a challenge to the Federal Trade Commission (FTC) by Wyndham Hotels. In round one of the challenge, Wyndham argued the FTC overstepped its authority by suing companies for poor data security practices. The ruling by U.S. District Court Judge Esther Salas, however, denied the hotel chain’s motion to dismiss, saying the case can move forward. Salas noted her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked” but added there is “binding and persuasive precedent” upholding the FTC’s authority.
April 2, 2014
In the third and final series of meetings called for by the White House as part of its Big Data and privacy initiative, privacy experts, academics, industry representatives and government regulators convened to hash out the benefits and challenges posed by the Big Data ecosystem. Hosted by the White House Office of Science and Technology Policy, the UD Berkeley School of Information and the Berkeley Center for Law and Technology, the day featured panels covering privacy values, the challenges of health and education, algorithms and transparency and privacy governance. Jedidiah Bracy, CIPP/US, CIPP/E, sums up the key points.
April 1, 2014
In the privacy world, few questions are as fundamental and pervasive as “what constitutes privacy harm?” Scholars continue to debate what it means to suffer a privacy injury, but even as they continue to debate theory, high-profile data breaches continue to hit the newsstands, class-action lawsuits follow; the Federal Trade Commission and state attorneys general launch enforcement actions, and consumers complain in record numbers to federal and state legislators. IAPP Westin Fellow Kelsey Finch examines the case of Curry v. AvMed, Inc.
, and the question of what breaches are actionable and which harms are compensable.
March 27, 2014
Representatives from the University of Maryland and Target—organizations that have both suffered large data breaches in recent months—along with the Federal Trade Commission (FTC), Visa and others, testified before the Senate Commerce, Science & Transportation Committee March 26 on protecting consumer data and fighting cyberattacks. Jedidiah Bracy, CIPP/US, CIPP/E, reports on the testimony and the FTC’s calls for jurisdiction over nonprofits.
March 26, 2014
Facial recognition technology, whether you’re a friend or foe, has a robust future, something clearly on display during the National Telecommunications & Information Administration’s (NTIA) March 25 multi-stakeholder meeting on creating a code of conduct for the technology. With the NTIA still in the gathering and learning stage, the meeting featured presentations from technology experts, some industry representatives and the Federal Trade Commission.
March 25, 2014
As the most recent iteration of the IAPP's Global Privacy Professionals Salary Survey results revealed, in the privacy field it is those with law degrees who report earning the highest salaries and those with a Certified Information Privacy Professional (CIPP) designation reported salary levels outpacing even those with Master of Business Administration degrees. Enter this year’s IAPP Information Privacy Summer Institute, providing privacy education from leading privacy scholars and an opportunity for law school or professional development credit.
March 25, 2014
“Publishers don’t really have their arms around their audiences in the way they used to,” said Joe Titlebaum. “The people who understand audiences the best are the ad tech folks.” Many publishers are uncomfortable with that, which presents a market opportunity. Titlebaum is chief legal and privacy officer for Mezzobit, a New York City-based start-up that’s focused on helping online publishers both understand their audience and prevent data leakage that might present privacy issues or simply make their readers uncomfortable.
March 25, 2014
In January, European Data Protection Supervisor (EDPS) Peter Hustinx and his staff celebrated the EDPS’ 10th year as an institution. Hustinx had all but blown out the candles on his proverbial “Bon Voyage” cake when the European Commission said, “Not so fast.” Though his two-term run had expired, the commission deemed the five candidates it interviewed to replace him late last year “inadequate.” Hustinx, Slovenia Information Commissioner Natasa Pirc Musar and Covington & Burling’s Henriette Tielemans weigh in on the delay in filling this crucial role.
March 24, 2014
In its 2013 global data breach study, the Ponemon Institute reported that data breaches experienced by U.S. companies continue to be the second most expensive in the world at $188 per record. The study also reported that U.S. companies had the second greatest number of exposed or compromised records per breach at 28,765, resulting in an average total organizational cost of more than $5.4 million per data breach. Your company can mitigate the high costs of remediating a data breach by having a strong security posture and incident response plan, assembling a proper team to oversee your privacy and security practices and having a plan for breach remediation, writes Ronald Breaux.
March 24, 2014
For consumers, identity theft seems to be the number-one concern, according to the FTC and a recent Ponemon survey. As privacy pros, putting ourselves in the customer’s shoes can foster perspectives that should lead to making the right decisions as risk managers, writes Matt Storer. Here are some scenarios to consider.
March 24, 2014
Until recently, there was little concern that commercial drone technology might outrun the legal framework for dealing with it. The Federal Aviation Administration (FAA) has rarely issued certifications for commercial drones. But the FAA now has a mandate to open the national airspace to drones. And in a sign that the future may arrive sooner than expected, last month an administrative law judge reversed the FAA’s imposition of a $10,000 fine against an aerial videographer for using a drone to shoot a promotional video, saying the FAA had exceeded its authority under existing rules. In part two of this three-part series, Michael Whitener, CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT, CIPM, zooms in on what the future may hold. Missed part one of this series? See it here
Page 1 of 45 pages 1 2 3 > Last ›