Behind the Scenes

Arent Fox's advertising law blog - latest news and trends in advertising, data security & privacy, and fashion & entertainment.

Blog Posts by Lourdes M. Turrecha

Privacy & Security
Shutterfly Biometric Privacy Face Off Gets Go-Ahead

The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information. In one closely watched case, photo sharing website Shutterfly faces allegations that it violated consumer privacy by collecting facial scans without consent.

Privacy & Security
FTC and 3 Companies Settle Enforcement Charges Regarding False Privacy Shield Claims

Just as the Sword in the Stone could only be used by its rightful owner, the Privacy Shield can only be claimed by the rightfully certified entities. If not, false representations may stir Federal Trade Commission action. The FTC recently announced its first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.

Privacy & Security, GDPR
Read Here to Update: Privacy Policies, Connectivity, and Consent in the Age of the GDPR

Thinking about updating your privacy policy? Consider how to get consumer buy-in as part of the process. Your organization may be in the process of revamping its privacy practices, and as a result its external privacy policy, to keep up with the European General Data Protection Regulation (GDPR) and Federal Trade Commission (FTC) rules. This is good practice, but your organization should also consider how to publish the revised policies externally and internally, and whether consumer consent is appropriate.

Privacy & Security
Data Divide: Japan’s Clarity and China’s Chaos in Reshaped Privacy and Security Regs

What’s New?

Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets. While the regulations are long-awaited, their implementation follows on the heels of the global WannaCry ransomware data scare and at the same time as companies attempt to prepare for the European General Data Protection Regulation. Both countries’ changes warrant reviews of company policies and procedures, but they are also quite different: Japan’s straightforward amendments focus on consumer information and data protection, while China turned a controversial focus to network operators managing data.

Privacy & Security
This Ransomware Will Make You WannaCry

What’s New?

Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter. The WannaCry vulnerability was reportedly first uncovered by the National Security Agency (NSA) but kept under wraps as a potential tool for possible surveillance. It was subsequently found by hackers who released a cache of stolen NSA documents on the internet, including details about WannaCry.
 

Privacy & Security
Vizio Smart TVs Fail FTC Privacy Test

What’s the News?

The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs. Vizio’s settlement with the FTC and the New Jersey Attorney General comes in at $2.2 million after a complaint that Vizio tracked consumer viewing data on 11 million smart TVs since 2014 without consumers’ knowledge and sold it to third parties. Vizio must also delete all data collected up until March 2016, disclose its data practices, and improve its privacy policies.

GDPR, Privacy & Security
A29WP Issues Guidance Addressing GDPR Woes: Data Portability Right

This article is one of a three-part series. Read about the data protection officer or the lead supervisory authority at the links.

What’s New?

In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

GDPR, Privacy & Security
A29WP Issues Guidance Addressing GDPR Woes: The Data Protection Officer

This article is one of a three-part series. Read about the data portability right or the lead supervisory authority at the links.

What’s New?

In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

Privacy & Security, Blockchain
FTC FinTech Forum on AI & Blockchain Raises Privacy & Security Concerns, Calls for Self-Regulation

What’s New?

Arent Fox’s Privacy, Cybersecurity & Data Protection team members were in attendance when the Federal Trade Commission (FTC) held its third FinTech Forum on March 9th, 2017. The Forum focused on the consumer implications of artificial intelligence (AI) and blockchain, two rapidly developing technologies.

GDPR, Privacy & Security
A29WP Issues Guidance Addressing GDPR Woes: The Lead Supervisory Authority

This article is one of a three-part series. Read about the data portability right or the data protection officer at the links.

What’s New?

In December 2016, the EU’s Article 29 Working Party (A29WP)—a group comprised of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.

Privacy & Security
CEOs Beware: Tax Season Brings New Phishing Scams

Phishing scams are arising at a fast and furious pace in the first quarter of 2017, with the IRS recently issuing a warning that these attacks are now targeting non-profits and school districts. These organizations are new on the hit-list, as the phishing attacks have already been known to target for-profit corporations. Phishing is the general term used for how attackers try to persuade a user to provide information. These scams can be conducted by phone or email, and are often so realistic that the recipient has no idea they are not legitimate. Some of the risks of falling prey to these scams are the loss or unauthorized disclosure of sensitive information, the risk of a malware intrusion, or an increased risk of ransomware.
 

Privacy & Security
Is A Pen Mightier Than A Shield? Executive Order Sparks International Data Privacy Concerns

What’s New?

An Executive Order from President Trump’s first days in office raised questions about its impact on the hard-won Privacy Shield, which allows about 1,700 companies to legally transfer data between the EEA and Switzerland and the US. The Order adds a new layer of complexity to the agreements and regulations already at play through the Privacy Act, Judicial Redress Act, Umbrella Agreement, and Privacy Shield.

Privacy & Security
At PrivacyCon, Researchers Discuss Today’s New Technologies, Highlight Not-So-New Privacy and Security Issues

What’s New?

On January 12, 2017, the Federal Trade Commission (FTC) held its second PrivacyCon conference. PrivacyCon brings together researchers, academics, industry representatives, consumer advocates, and government regulators to discuss the latest research and trends related to consumer privacy and data security. This year’s PrivacyCon featured presentations from academics and technology researchers covering the following five main areas: (1) the Internet of Things (IoT) and Big Data; (2) mobile privacy; (3) consumer privacy expectations; (4) online behavioral advertising; and (5) information security. FTC Chairwoman Edith Ramirez, who is stepping down effective February 10, 2017, opened the conference with the myriad of ways consumer data is collected, asking if the risks associated with data collection outweigh the benefits.

Payment Processing, Electronic Fund Transfers & Mobile Payments, Privacy & Security
New Version of Payment Card Information Standards Targets Recent Breach Issues

What’s the News?

Following recent updates, merchants and retailers will soon become subject to the updated Payment Card Information Data Security Standard (PCI DSS), the security standard that organizations need to follow if they handle credit and debit cards from major card companies, such as Visa, MasterCard and American Express. This round of changes will be known as version 3.2 of PCI DSS and includes significant guidance and updates on hot topics such as encryption and strong credentials. Compliance with the changes is important because companies that are subject to PCI DSS but fail to comply face exclusion from processing credit card payments and/or hefty fines. Sometimes, noncompliance could mean leaving open the doors to your cardholder data environment, thereby allowing hackers and malicious entities to enter.
 

Privacy & Security
Swiss-US Privacy Shield Trails EU-US Privacy Shield

What’s New?

Companies transferring data from Switzerland to the US should take note: the Swiss-US Privacy Shield has arrived!

Why Should You Care?

Global companies that transfer personal information—specifically, the transfer of Swiss individuals’ personal information, from Switzerland to the US—must have a legal mechanism in place for doing so. The Privacy Shield provides an enforceable mechanism that the EU and Swiss governments have deemed adequate. The Swiss-US Privacy Shield complements the EU-US Privacy Shield, which applies only to European Economic Area (EEA) member countries.

Health Privacy & Security, Privacy & Security
Life’s a Breach - Sitting on that HIPAA Breach Notification Could Burn You

What’s the News?

On January 9, 2017, Presence Health agreed to settle with the U.S. Department of Health and Human Services (HHS) over potential violations of the Breach Notification Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This is HHS’ first enforcement action against a covered entity that reported a breach but did not do so in a timely manner.

Privacy & Security
FTC Arms Businesses and Consumers Against Ransomware

What’s the News?

The Federal Trade Commission (FTC) recently issued guidance for both businesses and consumers on defending against ransomware, both of which are based on lessons learned from the FTC’s recent ransomware workshop, with panelists that included security researchers, technologists, law enforcers, and business leaders. Ransomware is a form of malicious software that infiltrates computer systems or networks. Typically, ransomware involves encrypting the victim’s data or denying access to the victim’s data, to hold data “hostage” until the victim pays a ransom. It has become one of the most serious online threats facing businesses.

Mobile Marketing, Privacy & Security
California Attorney General Crowdsources Privacy Policing to Consumers

What’s New?

In case you missed it, the California Office of the Attorney General (CA OAG) recently released an online tool that empowers consumers to report websites, mobile applications, and other online services that are in violation of the California Online Privacy Protection Act (CalOPPA), a California law that requires website operators that collect personal information from consumers in California to post privacy policies to notify users about their online privacy practices. Given the fact that most online services collect information from California residents, the law has widespread impact.

Privacy & Security
FTC Drives Autonomous Car Reg Focus Toward Privacy and Security

The constant slew of innovations and advancements in smart cars has so far left regulators struggling to define new rules to govern this space. The overlapping jurisdictions of three different agencies – the National Highway Traffic Safety Administration (NHTSA), the Federal Trade Commission (FTC), and the Federal Communications Commission (FCC) – with different priorities have only added to the complexity.
 

Health Privacy & Security, Privacy & Security
Are Fitness Apps Fit for Privacy Protection?

* The following article was originally published by Healthcare Informatics.

Healthcare professionals who are in a position to recommend the use of fitness apps need to be aware that patients’ personal data can be used in ways that HIPAA would prohibit and that will surprise patients who are trying to be smart about fitness in a smartphone world.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.