Skip to main content

Privacy & Cybersecurity

Viewpoints

Filter by:

Our previous post discussed the decision in Marshall v. CBE Group, Inc., which completely rejected the FCC’s broad interpretation of an ATDS and found in favor of the defendant. Since then, another district court in the Ninth Circuit has followed suit, but three others in the Eleventh Circuit have concluded that the FCC’s 2003 Order survives ACA Int’l. It could behoove some TCPA defendants to seek stays while this circuit split is sorted out or until after the FCC clarifies its position on the ATDS issue following ACA Int’l.
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements, which will create one of the strictest state based privacy and data breach laws in the country, will go into effect September 1, 2018. 
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical security.

HAPPY GDPR DAY!!

May 25, 2018| Blog

If you glance at the “countdown clock” in the left hand sidebar of our blog, you’ll see that it has reached 00:00:00. GDPR Day is here. But, unlike Y2K (for those of you old enough to remember the near-hysteria), 25 May 2018 is only the beginning of the GDPR compliance road and not a “completion date.”

Still Thinking about GDPR?

May 15, 2018| Blog

We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands in the hourglass are running low.
Comments on the FCC’s Second Further Notice of Proposed Rulemaking (FNPRM) are due on June 7, and replies are due by July 9. The second FNPRM was adopted at the March Commission Meeting and seeks input on the adoption of a reassigned numbers database that businesses could check to avoid making unwanted calls to a new subscriber whose number was previously assigned to a consumer who had consented to receiving their calls.

On May 3, the Peer-to-Peer Alliance (P2P Alliance) filed a Petition for Clarification asking the FCC to clarify that P2P text messages to mobile numbers are not subject to TCPA restrictions. It explained that P2P messaging is often used by universities, nonprofits, businesses, and political organizations to communicate with individuals with whom they already have a relationship.
On April 23, the FCC and FTC hosted a joint expo aimed at stopping illegal robocalls through technological solutions. The expo showcased innovative technologies, devices, and applications that minimize or eliminate the number of illegal robocalls consumers receive. The expo was held one month after the FCC and FTC’s Joint Policy Forum on fighting illegal robocalls, and in between the Senate Commerce and House Energy & Commerce Committee hearings on the same topic.
As we wrote in a previous post, on March 16, 2018 the US Court of Appeals for the District of Columbia Circuit released its highly anticipated decision in ACA International v. Federal Communications Commission. Among other things, the DC Circuit set aside the Commission’s explanation of which devices qualified as Automatic Telephone Dialing Systems under the Telephone Consumer Protection Act. Though the decision has been out for less than two months, courts in the Ninth Circuit have taken notice.
The North American Numbering Council (NANC), a federal advisory committee established by the FCC, delivered a call authentication report to the FCC on May 3. The report was developed by the Call Authentication Trust Anchor Working Group (CATA WG) and approved by NANC on April 27. It “details a framework for call authentication that can more quickly be established than various alternatives, while obtaining the broadest participation of industry.”
Every month, robocalls make up the majority of Do Not Call registry complaints at the Federal Trade Commission (FTC). The FCC estimated that in March 2018 approximately 3 billion robocalls were placed. In an effort to combat these illegal robocalls, the Senate Commerce Committee and the House Energy & Commerce Committee each held a hearing regarding these illegal robocalls and asked witnesses for ideas on how to combat this rampant problem.

Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of collecting children’s geolocation data without parental consent may be in violation of the Children's Online Privacy Protection Act (“COPPA”).
A challenge to the use of a cy pres charitable donations to settle privacy claims against Google will be heard by the Supreme Court. In Frank v. Gaos, petitioners seek reversal of lower court decisions rejecting their objection to an $8.5 million settlement of claims arising from Google’s transmission of users’ search terms to third-party websites.
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team for nearly 10 years) to provide you with the latest information.
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October 2016, which it knew about but did not disclose until November 2017, after it settled over its initial May 2014 breach.
On March 22, 2018, the Federal Communications Commission (FCC) adopted a Second Further Notice of Proposed Rulemaking (FNPRM) proposing the creation of a reassigned numbers database. Under the proposed rules, the FCC will ensure that a database is available to provide callers with the timely and comprehensive information they need to avoid calling reassigned numbers. The FNPRM also seeks comment on the kind of information that callers need from such a database, the best way for service providers to report this information, and whether the FCC should adopt a safe harbor from TCPA liability for callers who check the database.
Roughly around this time last year, the U.S. Supreme Court issued its ruling in Bristol-Myers Squibb v. Superior Court, 137 S. Ct. 1773 (2017), wherein the Court rejected the California Supreme Court’s finding of specific jurisdiction over mass tort claims filed by nonresidents.

Facebook has recently chosen to no longer fund opposition to the California Consumer Privacy Act, which could appear on the California State Ballot as an initiated state statute on November 6, 2018.
As the clock ticks down to May 25, 2018, when the European Union’s General Data Protection Regulation (“GDPR”) becomes fully enforceable throughout the EU, the Internet and airwaves have become saturated with guidance for companies about what to expect and how to prepare for its new protections and restrictions.
Alabama has joined the "crazy quilt" of state data breach notification laws with the governor's signature of the Alabama Data Breach Notification Act of 2018.

Explore Other Viewpoints: