USA

Department of Commerce Publishes Green Paper on Privacy

Francoise Gilbert

On December 16, 2010, the Department of Commerce released its Internet Policy Task Force Privacy Green Paper, which details recommendations on the protection of consumer privacy online.  Titled “Commercial Data Privacy and Innovation in the Internet Economy:  A Dynamic Policy Framework”, the Report provides a set of recommendations to strengthen data privacy while protecting innovation, job creation, and economic growth.

The Report recognizes that more than self-regulation is needed.  It acknowledges the economic and social importance of preserving consumer trust in the Internet, and the need to keep pace with changes in technology, online services and Internet usage.  To do so, consumers need more transparency and control over the use of their personal information.  The new framework must help increase protection of consumers’ commercial data while supporting innovation and evolving technology. (more…)

Read More

FTC’s Proposed Privacy Framework: More Obligations for US Businesses?

Francoise Gilbert

In its long awaited report on privacy protection, which was published on December 1, 2010, the Federal Trade Commission outlines a Proposed Privacy Framework for businesses and policy makers. The Proposed Framework would focus on the collection, maintenance, sharing, or use by commercial entities of consumer personally identifiable information, online and offline. “Personally identifiable information” is defined as data that can be reasonably linked to an individual, computer, or device.

The proposed Framework does not promote the adoption of legislation, but it identifies three areas of focus:

  • Promoting privacy throughout the organization, and at every stage of the development of products and services;
  • Simplifying choices for consumers; and
  • Providing greater transparency of data practices.

The FTC staff has requested that comments on each component of the Privacy Framework and how it might apply in the real world be filed by January 31, 2011. The Commission will issue a final report in 2011. (more…)

Read More

FTC’s Privacy Framework: Similarities with EU Privacy Directives

Francoise Gilbert

On December 1, the FTC issued its long awaited report in which it outlines a Proposed Framework for businesses and policy makers for the protection of personal data. The Proposed Framework would reach a broad range of commercial entities, both online and offline, that collect, maintain, share, or use consumer data. The protection would apply not only to what has traditionally been named “personally identifiable information” that can be reasonably linked to an individual, as this has been done in the past, but also to data that can be reasonably linked to a specific computer or device. (FTC Report, p. 42).

(more…)

Read More

When Will Your CEO’s Social Media Postings End-Up in a Court Room?

Francoise Gilbert

Social networks such as Facebook and MySpace allow members to create an online profile that may be accessed by other members.  Some social networks have privacy controls that allow members to choose who can view their profiles or contact them.  Others do not require pre-approval to gain access to a member’s profiles.

These materials are easy target for trial or litigation attorneys who may wish to use them to impeach the opposing party or its witnesses. (more…)

Read More

Department of Energy’s Report on Data Access and Privacy Issues Related to Smart Grid Technologies

Francoise Gilbert

On October 5, 2010, the US Department of Energy (DoE) issued two important reports that outline recommendations for the use of Smart Grid technologies.  One of the reports focuses on the protection of personal data that will be collected through Smart Grid meters, the other addresses communications requirements.  Both reports were issued after consultation with the utilities, consumer advocates, and telecommunications companies.

The 65 page DoE report on Data Access and Privacy Issues Related to Smart Grid Technologies recommends that detailed energy consumption information that is collected through the use of Smart Grid technologies be accorded privacy protections that are similar to the protections that are granted to other categories of personal data. (more…)

Read More

Google Engineer Fired for Accessing User Accounts

Francoise Gilbert

Google fired a software engineer because he allegedly took advantage of his position as a member of an elite technical group at the company to access user accounts in violation of the company policy.  Accounts accessed included those of four minors whom he had encountered through a technology group, according to reports by CNN and Gawker.

While there is no allegation of sexual predatory behavior, the engineer appears to have spied on minors’ accounts, accessed their contact lists and chats transcripts.

Given Google’s size it is almost predictable that an incident such as this would happen. When a company has thousands of employees, it is just a matter of statistics and probability. If X% of the country’s population is immature, emotionally unstable or has other personal problems, it is likely that these same characteristics will appear in the workforce of companies, despite the employers’ attempts at identifying the problem employee and prevent the occurrence of any mishap. (more…)

Read More

Lessons from FTC v. Twitter

Francoise Gilbert

Security is not just for credit card and social security numbers

The proliferation of security breach disclosure laws has brought companies’ attention to the need to protect financial information, social security, and drivers license numbers. Since most of these laws target only these categories of data, and most state laws that require the use security measures also have focused on these categories of data, many companies have limited their information security efforts to the protection of a small amount of data: credits cards, social security and drivers license numbers. As a result, other categories of data that have not been in the limelight or the subject of investigative reporting have been neglected. (more…)

Read More

Of Cookies and Spam

Francoise Gilbert

What’s Cookin’ in the European Union?

The European Union Member States will soon change the rules that apply to cookies and unsolicited messages. Recent amendments to the ePrivacy Directive require the Member States to implement new restrictions in their national laws by June 2011. These changes are likely to significantly affect the procedures and processes used for marketing in, or with, the European Union. The most important change creates new rules for the use of cookies.

(more…)

Read More

Location Information in Consumer Contracts

Francoise Gilbert

The use of location-based services by consumers, such as for the provision of directions, traffic information, or mapping to locate nearby stores, should be subject to terms and conditions that address the quality of the service, and the reliability of the data. In addition, the contract should address the privacy concerns of the customer. The collection, use and sharing of location information might raise more concerns than that of other data such as their name, phone number or the duration of a call. Thus, special attention should be given to the protection of the location data.

(more…)

Read More

Information Privacy and Security Current and Emerging Issues in the United States

Francoise Gilbert

Not so long ago, the Internet was a separate world.  We distinguished e-commerce and other activities in “cyberspace” from those that were conducted in the brick and mortar world.  Today, most companies are exploiting at the same, and to the fullest extent possible, all of the vast resources that are available through the Internet, the World Wide Web and otherwise.

Concurrent with the convergence of cyberspace with the brick and mortar world, telephone and information technologies are converging.  From one single device, we can make calls, send emails, browse the web, review our documents, and even pay for our lattes.  With this convergence, and the ubiquitous need for access to personal information databases, data protection issues have gained greater importance.  Without customer information, companies cannot create products adapted to client needs or target the right client for a sale.

However, holding personal information without adequate safeguards may lead to disaster.  Companies have lost goodwill, to the point of bankruptcy, for having failed to address privacy and information security issues.

This article will look at selected current issues and trends in information privacy and security. (more…)

Read More