(May 21, 2015) The Federal Trade Commission (FTC) advised companies in a blog post Wednesday that it looks positively on cooperation when conducting investigations into data security breaches, The Hill reports. A company that reported a breach on its own and cooperated with law enforcement would be looked on “more favorably” than one that had not, the agency said. “In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach,” said Mark Eichorn, assistant director for privacy and identity protection. The post described what companies can expect when the FTC comes to investigate.

Daily Dashboard

Web Conference: Debating the Role of HIPAA and FERPA in Higher Ed

(May 21, 2015) Colleges and universities around the country have a unique and significant role protecting and supporting students, but a recent focus on the confidentiality of student counseling and medical records has started a debate around the role HIPAA, FERPA and state medical confidentiality laws play in this landscape. To examine these tensions, the IAPP will host a free web conference that will include introductory remarks from Sen. Ron Wyden (D-OR) and insights and analysis from Rhode Island School of Design General Counsel Steven McDonald, Wiley Rein Partner Kirk Nahra, CIPP/US, University of Wisconsin-Madison Health Services Executive Director Sarah Van Orman and Future of Privacy Forum Senior Counsel Brenda Leong.

FCC Reminds ISPs To Protect Consumer Privacy

(May 21, 2015) The Federal Communications Commission (FCC) is reminding Internet service providers (ISPs) to ensure they safeguard consumer privacy, The Washington Post reports. An FCC document states “the Enforcement Bureau intends to focus on whether broadband providers are taking reasonable, good-faith efforts to comply with Section 222 rather than focusing on technical details.” The FCC states that providers “should employ effective privacy protections in line with their privacy policies and core tenets of...

Settlement Reached: RadioShack Must Destroy Customer Data

(May 21, 2015) A “coalition of 38 states” prevailed in ensuring that the newly bought-out RadioShack will not sell the greater part of its collection of customer data—including credit card information, Social Security numbers and phone numbers—but by mandate must destroy it, Your Houston News reports. Texas Attorney General Ken Paxton was pleased with the ruling. “This settlement is a victory for consumer privacy nationwide,” he said. “The fact that 38 states joined together in this case reflects a growing understanding of the importance of safeguarding customer information, and we are pleased that General Wireless (the corporation that bought RadioShack) will continue to be bound by RadioShack’s existing privacy policy.”

Draft Text: Fines for RTBF Violations Would Increase

(May 21, 2015) EurActiv reports that EU ambassadors have agreed to a draft text proposed by Latvia—which currently holds the rotating presidency of the EU—that would implement three levels of fines for businesses that violate the EU’s data protection overhaul. The levels range from one-half percent to two percent of an organization’s annual global turnover. Failure to “erase personal data in violation of the right to erasure and ‘to be forgotten’” would be included in the second category of a one-percent fine. If all of the sections of the reform proposal are agreed upon, EU ministers could endorse the entire text at their mid-June meetings, the report states, and trialogue discussions between member state representatives and the European Parliament would commence.

Daily Dashboard, Europe Data Protection Digest

States Settle With Credit Bureaus on Consumer Reports

(May 21, 2015) The Wall Street Journal reports 31 states have reached a settlement with credit bureaus Equifax, Experian and TransUnion requiring them to alter the way they handle consumers’ financial and credit history data. Topping the list of changes, the firms must provide the participating states with the lender names and other businesses that consistently share erroneous data. If the states see a spike in consumer complaints regarding inaccurate information, the state attorneys general (AGs) may have the...

Uber Ups the Privacy Ante with New Hires

(May 21, 2015) Sabrina Ross, CIPP/US, formerly of Apple, is joining Uber’s privacy team in the midst of the company’s initiative to improve its privacy processes. “At Uber, she’ll specifically work on privacy aspects of regulatory and policy issues. She’ll also be reviewing the privacy practices of Uber’s partnerships with companies like Spotify, Starwood and American Express,” Re/Code reports. Ross will be joining the likes of Chief Security Officer Joe Sullivan and Managing Counsel Katherine Tassi, who previously served as Facebook’s head of data protection. The focus on privacy has, according to an Uber report, resulted in improvements. “Uber has dedicated significantly more resources to privacy than we have observed of other companies of its age, sector and size,” the review said.

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Health Organizations Cite Privacy as Top Concern

(May 21, 2015) In the Office of the National Coordinator for Health IT’s recently published public comments on its draft for nationwide interoperability, health data privacy and security were top issues for several organizations, HealthITSecurity reports. The office released Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap Draft Version 1.0 in January, and in the public comments, accepted through April 3, many agencies said they were in favor of interoperability and data exchanges but that providers “must be interoperable without sacrificing patient privacy in the process,” the report states. Intel submitted that privacy and security protections must be addressed holistically through “effective end-to-end security” to protect against exploitations like cybercrime.

DoJ: Some NSA Programs Could Shut Down this Week

(May 21, 2015) National Journal reports on a Justice Department memo saying that Congress must settle its differences over extending provisions in the USA PATRIOT Act by Friday to avoid interruption in the National Security Agency’s (NSA) intelligence-gathering programs. The law is slated to expire on June 1, but the memo states that, after May 22, the NSA “will need to begin taking steps to wind down the bulk-telephone-metadata program in anticipation of a possible sunset in order to ensure that it does not e...

Member States Calling for Transparency from Internet Giants

(May 21, 2015) Ahead of a European Council meeting on proposed cybersecurity rules, France, Germany and Spain are hijacking the debate in hopes of using the rules to “boost control and surveillance over Internet companies, claiming they are critical to their economies and communication networks,” Politico reports. The proposal requests that Internet firms offer “greater transparency” to the EU and that firms outside the EU “report security breaches to national regulators in each member state,” similar to the burden placed on European telecom companies. “Nevertheless,” the report states, “the proposed rules will likely add to the long list of disputes pitting European authorities against U.S. tech firms.”
