On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.
Following an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the Alaska Department of Health and Social Services (DHSS), Alaska’s state Medicaid agency, agreed to pay $1.7 million in fines and to comply with a corrective action plan (CAP) to address gaps in its compliance with the HIPAA Privacy and Security Rules.
A new agreement this week between mobile app platform operators and the California Attorney General effectively creates enforceable, nationwide mobile app privacy standards that companies will need to follow going forward.
Today’s Guest Blog is from Peter Fleischer, who writes: “Since 2012 has now begun, here’s a prediction about the future: there’s going to be a lot more privacy enforcement actions. By a lot of different government authorities, not just DPAs. And the sanctions/damages are going to go through the roof. Indeed, it’s not easy to keep track of which government officials are in charge of data protection enforcement actions. There are a lot of them.” Read more in this entry.
Elisabethann Wright, a Partner in our Brussels Office, presented at the 33d International Congress of Data Protection and Privacy Commissioners in Mexico City last week. In this entry, she shares some reflections from her participation.
The Federal Communications Commission has proposed a $2.96 million forfeiture against Travel Club Marketing, Inc. for apparent violations of the Telephone Consumer Protection Act (TCPA) and related FCC rules regarding the delivery of prerecorded messages, as well as its Caller ID rules. This enforcement action serves as a reminder to companies placing autodialed calls or delivering prerecorded messages to ensure that such calls and messages comply with federal and state laws. Otherwise, they risk not only class action litigation, but also potential regulatory enforcement fines that are imposed on a per-call basis.
Mexico’s new privacy law goes into effect in July. While enforcement will be delayed, companies are expected to have privacy officers and written policies in place. This blog entry reports on recent comments by the head of Mexico’s privacy commission at a program organized by Hogan Lovells.
The FTC today announced a proposed settlement with Google relating to charges that Google used deceptive practices and violated its own privacy policies when Google launched its social network “Google Buzz”. For the first time ever, the FTC is requiring a “Comprehensive Privacy Program” and affirmative consent to any new or additional uses of previously collected data.
David Vladeck, Director of the Division of Consumer Protection at the Federal Trade Commission, today spoke at the IAPP Privacy Academy in Baltimore, and offered the FTC vision for future privacy protection. This blog contains some highlights.
Complimentary Webcast of a Presentation by Hogan & Hartson’s Privacy Practice Lead Chris Wolf on New Directions in Enforcement and Policy at the FTC and the Impact on Businesses
The Federal Trade Commission settles with 6 companies over Safe Harbor misrepresentations and lapsed certifications.
Businesses may be facing their last chance to comply with the FTC identity theft Red Flags Rule as the compliance deadline was extended over the Summer to November 1, 2009. On July 29, 2009, the Federal Trade Commission (“FTC”) announced that it will delay enforcement of its identity theft “Red Flags Rule”until November 1, 2009. This is the third… Continue Reading