Behind the Scenes

Arent Fox's advertising law blog - latest news and trends in advertising, data security & privacy, and fashion & entertainment.

Behind the Scenes

Blog Posts by Sarah L. Bruno

Privacy & Security, COPPA & GLB
alert
Are You Listening? The FTC Has Been: Enforcement Policy Issued for Child Audio Recordings

What’s the News?

Take out the microphone and get ready to record! Just don’t ask any personal questions and make sure that you’re prepared to then dump it all. This sums up the guidance provided by the Federal Trade Commission in a recently released Enforcement Policy. The Policy was released in response to frequently raised concerns from industry members regarding the need for developers of voice commanded technologies to comply with the Children’s Online Privacy Protection Act (COPPA) Rule, particularly where such technologies are designed for home use and may record the voices of children. Under the Policy, the FTC has stated that it will not take action against companies that offer devices that can record the voice of children if several requirements are met:

Continue Reading →
Privacy & Security
alert
SEC Enforcement Division Creates Cyber Unit to Pursue Data Security Cases

Last month, the SEC announced the creation of a new “Cyber Unit” within the Enforcement Division to target misconduct related to cybersecurity. The unit is being created in conjunction with internal SEC initiatives to strengthen cybersecurity in the wake of the agency’s infamous data breach last year.
 

Continue Reading →
Privacy & Security
alert
Shutterfly Biometric Privacy Face Off Gets Go-Ahead

The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information. In one closely watched case, photo sharing website Shutterfly faces allegations that it violated consumer privacy by collecting facial scans without consent.

Continue Reading →
Privacy & Security
alert
FTC and 3 Companies Settle Enforcement Charges Regarding False Privacy Shield Claims

Just as the Sword in the Stone could only be used by its rightful owner, the Privacy Shield can only be claimed by the rightfully certified entities. If not, false representations may stir Federal Trade Commission action. The FTC recently announced their first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.

Continue Reading →
Advertising, Social Media, User-Generated Content, Gaming & Interactive Media
alert
It’s Every Influencer for Themselves as FTC Settles Debut Case Against Individual Social Stars

Calling all #influencers: that promotional post may attract more attention than you bargained for with your brand if you fail to use required disclosures. With several enforcement actions against companies, assistance from Instagram’s new paid partnerships tool, and the first ever complaint directly against social media influencers, the Federal Trade Commission has made it clear that they are fed up with deceptive endorsements.

Continue Reading →
Privacy & Security, GDPR
alert
Read Here to Update: Privacy Policies, Connectivity, and Consent in the Age of the GDPR

Thinking about updating your privacy policy? Consider how to get consumer buy-in as part of the process. Your organization may be in the process of revamping its privacy practices, and as a result its external privacy policy, to keep up with the European General Data Protection Regulation (GDPR) and Federal Trade Commission (FTC) rules. This is good practice, but your organization should also consider how to publish the revised policies externally and internally, and whether consumer consent is appropriate.

Continue Reading →
Advertising, Social Media, User-Generated Content
alert
Instagram Signals to #Influencers That There’s a #NewSheriff in Town

TLDR

Instagram has a message for social media Influencers: the Wild West is coming to an end. The popular photo-sharing platform is rolling out a new tool that will make it easier to tag and track paid commercial content. The tool offers a potential replacement for the much loathed “#ad” disclosure, but it also signals a coming crackdown on Influencer posts.

Continue Reading →
Privacy & Security, Blockchain
event
Sarah Bruno Discusses Legal Landscape of Blockchain-Ready Industries at ILTACON 2017

Privacy, Cybersecurity & Data Protection group leader Sarah Bruno will discuss "Blockchain in Legal" with Thomson Reuters' Joseph Raczynski at the 2017 International Legal Technology Association (ILTA) Annual Educational Conference, ILTACON.

Continue Reading →
Privacy & Security
alert
Data Divide: Japan’s Clarity and China’s Chaos in Reshaped Privacy and Security Regs

What’s New?

Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets. While the regulations are long-awaited, their implementation follows on the heels of the global Wannacry ransomware data scare and at the same time as companies attempt to prepare for the European General Data Protection Regulation. Both countries’ changes warrant reviews of company policies and procedures, but they are also quite different: Japan’s straightforward amendments focus on consumer information and data protection, while China turned a controversial focus to network operators managing data.

Continue Reading →
Privacy & Security, Advertising
alert
Daily Journal Names Arent Fox Partners Sarah Bruno and Jennifer Terry 'Top Women Lawyers'

Arent Fox LLP is pleased to announce that Privacy, Cybersecurity & Data Protection partner Sarah L. Bruno and Labor & Employment partner Jennifer C. Terry have been named among the “Top Women Lawyers” in California by the Daily Journal as a result of their impressive track record of successes on behalf of clients, their role as mentors within the firm, and their impact on the overall legal profession.
 

Continue Reading →
Privacy & Security
alert
This Ransomware Will Make You WannaCry

What’s New?

Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter. The WannaCry vulnerability was reportedly first uncovered by the National Security Agency (NSA) but kept under wraps as a potential tool for possible surveillance. It was subsequently found by hackers who released a cache of stolen NSA documents on the internet, including details about WannaCry.
 

Continue Reading →
Health Privacy & Security, Privacy & Security
alert
Our Allies Under Attack! Ransomware Hits the Brits and Quickly Spreading Across Globe – Batten Down the Hatches NOW

What’s New?

Last week, numerous hospitals operated by Britain’s National Health Service (NHS) suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded. Hospitals across Britain shut down their computer systems in order to protect patient data and prevent further spread and advised people to stay home unless there was an emergency. NHS Digital, Britain’s national hospital cybersecurity overseer, stated that 16 NHS organizations across Britain had reported an incident, but that the attack did not appear to be specifically targeting NHS hospitals. At this time, there is no indication that the ransomware has exfiltrated any personal data from the NHS.

Continue Reading →
Product Placement & Distribution, Advertising
alert
FTC Fires Warning Shot Over Misleading Instagram Posts

What’s New?

The Federal Trade Commission recently sent more than 90 letters to celebrities, athletes, and other influencers reminding them that brand endorsements made in social media posts must comply with the FTC’s Endorsement Guides. The letters reminded social media influencers – individuals or groups recruited to promote a brand’s products or services – that social media endorsements must clearly and conspicuously disclose “material connections” between the influencer and the brand, and focused on the need to disclose such connection in Instagram posts.
 

Continue Reading →
Health Privacy & Security, Privacy & Security
alert
New Director, Same Direction for OCR HIPAA Enforcement

What’s New?

On Monday, the US Department of Health & Human Services’ Office for Civil Rights announced that CardioNet has entered into a $2.5 million HIPAA settlement. CardioNet provides mobile cardiac monitoring services and is the first wireless health services provider to enter into a settlement with OCR. CardioNet had not performed a risk analysis or adopted a risk management plan; its Security Rule policies and procedures were still in draft form; and CardioNet was unable to show that it had finalized and implemented any policies safeguarding ePHI, including safeguards for mobile devices. This lack of compliance with the Security Rule contributed to the theft of an employee’s laptop containing the unsecured ePHI of 1,391 individuals.

Continue Reading →
Health Privacy & Security, Privacy & Security
alert
HIPAA Easter: OCR Continues to Censure Healthcare Providers for Overlooking the Security Rule

What’s New?

Last week, the US Department of Health & Human Services’ Office for Civil Rights (OCR) announced that Denver-based Metro Community Provider Network (a federally-qualified health center or FQHC) will pay $400,000 and implement a corrective action plan to settle its violations of HIPAA. The violations include failure to conduct a risk analysis and implement a corresponding risk management plan in accordance with the HIPAA Security Rule, which resulted in vulnerabilities contributing to a data breach.

Continue Reading →
Privacy & Security
alert
Vizio Smart TVs Fail FTC Privacy Test

What’s the News?

The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs. Vizio’s settlement with the FTC and the New Jersey Attorney General comes in at $2.2 million after a complaint that Vizio tracked consumer viewing data on 11 million smart TVs since 2014 without their knowledge and sold it to third parties. Vizio must also delete all data collected up until March 2016, disclose its data practices, and improve its privacy policies.

Continue Reading →
GDPR, Privacy & Security
alert
A29WP Issues Guidance Addressing GDPR Woes: Data Portability Right

This article is one of a three-part series. Read about the data protection officer or the lead supervisory authority at the links.

What’s New?

In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

Continue Reading →
Intellectual Property
alert
In Fight Between Moose Knuckles and Counterfeiters, It’s a KO for the Retailer

What’s New?

An Illinois federal court recently awarded the Canadian retailer Moose Knuckles a $52 million default judgment related to claims of trademark infringement, counterfeiting, and cybersquatting by 26 Chinese defendants. The case offers a useful roadmap for companies that are trying to crack down on anonymous foreign infringers.

Continue Reading →
GDPR, Privacy & Security
alert
A29WP Issues Guidance Addressing GDPR Woes: The Data Protection Officer

This article is one of a three-part series. Read about the data portability right or the lead supervisory authority at the links.

What’s New?

In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

Continue Reading →
Privacy & Security, Blockchain
alert
FTC FinTech Forum on AI & Blockchain Raises Privacy & Security Concerns, Calls for Self-Regulation

What’s New?

Arent Fox’s Privacy, Cybersecurity & Data Protection team members were in attendance when the Federal Trade Commission (FTC) held its third FinTech Forum on March 9th, 2017. The Forum focused on the consumer implications of artificial intelligence (AI) and blockchain, two rapidly developing technologies.

Continue Reading →

SUBSCRIBE

Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.