Keeping Promises: Corporate Control Transactions Do Not Nullify Data Obligations

(Jul 1, 2015) The New York Times (NYT) sounded an alarm this week with respect to wholesale transfers of consumer data in the context of corporate mergers, acquisitions and bankruptcy transactions. The NYT's research demonstrates that regardless of the promises in a company’s privacy policy, when the company is up for sale all bets are off. The article looks at 100 of the most popular websites, finding that “of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfe... Read More

The USA FREEDOM Act Explained

(Jun 16, 2015) Recently, President Obama signed the USA FREEDOM Act into law. Hailed, the “biggest intelligence reform in 40 years,”the FREEDOM Act is considered the first major pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978. Notably, the FREEDOM Act requires the government to obtain a targeted warrant to collect phone metadata from telecommunications companies, increases the transparency of the Foreign Intelligence Surveillance Cou... Read More

FTC v. Wyndham: Has the FTC Declared Unreasonable Security “Unfair”?

(Apr 10, 2015) In the latest installment of the FTC v. Wyndham case, the Third Circuit Court of Appeals is set to determine the scope of the agency’s authority over unfair trade practices in the arena of cybersecurity. On March 27, the Federal Trade Commission (FTC) and Wyndham Worldwide Corp. filed supplemental briefings in the Third Circuit presenting arguments on whether the FTC has declared that unreasonable cybersecurity practices are unfair, and, assuming the FTC has not determined that unreasonable cybe... Read More

Obama’s Latest Cybersecurity Bill: Something Old, Something New, Something Borrowed, Something Blue

(Apr 8, 2015) President Barack Obama recently announced new legislation aimed at enhancing cybersecurity by authorizing information-sharing between private and government entities as well as among private entities. In this Privacy Tracker post, IAPP Westin Fellow Arielle Brown analyzes the proposal and how it compares to Obama’s previous proposal and other cybersecurity bills including the Cyber Intelligence Sharing and Protection Act and the Cyber Information Sharing Act. “While the president’s cybersecurity proposal takes significant steps toward incorporating new privacy protections, it leaves unanswered important questions and interpretative ambiguities,” Brown writes. Read More

Examining the President’s Proposed National Data Breach Notification Standard Against Existing Legislation

(Feb 27, 2015) President Obama’s recent proposal of a National Data Breach Notification Standard (or The Personal Data Notification & Protection Act) has received widespread attention for its promise to preempt and unify the existing patchwork of state-level requirements. IAPP Westin Research Fellow Patricia Bailin analyzes the proposed bill and how it would impact state, city and territorial laws. Read More

How Much Security is Enough? Check the FTC Casebook

(Jan 26, 2015) How will you know what the FTC deemed unreasonable in dozens of enforcement actions? As seasoned privacy experts, you can of course go to the FTC website to seek, download and plough through all of the more than 180 FTC privacy and data security cases. But, as of last week, there’s a far better way: The IAPP Westin Research Center has launched its FTC Casebook, which is available at no additional charge to IAPP members. Read More

Using the FTC Casebook to Find Your Geolocation Strategy

(Jan 20, 2015) Though you should certainly turn to the Casebook in emergency situations (as we suggested in a previous hypothetical scenario), this resource is also valuable for “preemptive” privacy and data security decision-making – aka privacy by design. Read More

Security breach through P2P network? Check the FTC Casebook

(Jan 16, 2015) After a great deal of work, the IAPP Westin Research Center has launched its casebook of FTC privacy and data security enforcement actions. The casebook is a digital resource, collecting all 180 FTC enforcement actions (for now) and making them easily accessible, full-text searchable, tagged, indexed and annotated. To help you better understand the benefits and functionality of this tool, we have developed several use cases displaying how you might search the casebook and make use of the results... Read More

Privacy Is the New Antitrust: Launching the FTC Casebook

(Jan 15, 2015) On Monday, presaging his sixth State of the Union Address, U.S. President Barack Obama visited the Federal Trade Commission (FTC) bearing a message of sweeping privacy reform. Coincidentally, it was almost exactly 101 years ago that President Woodrow Wilson, in his January 20, 1914, State of the Union Address, announced his antitrust initiative to Congress, declaring, “We are all agreed that ‘private monopoly is indefensible and intolerable.’” The result of that speech was the passage of the FTC... Read More

The FTC Refutes Wyndham’s Challenge; Unreasonable Security Is “Unfair”

(Nov 13, 2014) Generating a flurry of conversation among privacy professionals worldwide, the U.S. Federal Trade Commission (FTC) last week filed its response to Wyndham Worldwide Corporation’s interlocutory appeal in the Third Circuit. It’s the most recent activity in a case that began in 2012, when the FTC issued a complaint against Wyndham alleging data security failures that enabled three data breaches between 2008 and 2009. IAPP Westin Research Fellow Patricia Bailin, CIPP/US, examines the history of the case and the latest developments. Read More