By Mark O’Conor and Elliot Katz

Among the fastest growing sectors in the industry of smart things is the connected car. No longer a simple way from point A to point B, cars now comprise a computer, cell phone and camera all rolled into one motorized package. Because these cars collect and transmit significant amounts of data, and can access sensitive information on drivers’ (and passengers’) cell phones, many vehicle owners are asking what lies ahead for their personal privacy.
Continue Reading

By Giulio Coraggio and Kate Lucente

In its February 2015 Report on the Internet of Things (IoT), the FTC estimated that there are now 25 billion connected devices worldwide. Another more conservative report by Gartner estimates there will be 2.9 billion connected devices in the consumer sector this year and 5 billion total, and that total will climb to 25 billion by 2020. Regardless of the accuracy of the numbers, clearly the growth of IoT presents unique challenges because of the sheer variety of “connected devices” – from sprinklers, to fitness trackers, to connected cars – and the data they may collect. It is therefore not surprising that regulators have released privacy and security guidance and frameworks for IoT.


Continue Reading

Republished from Law A La Mode 

By: Carol Umhoefer, Kate Lucente, and Belinda Tang

Online retail presents unparalleled opportunities for reaching new consumer markets and collecting consumer data. With such opportunities, however, come heightened regulatory scrutiny, compounded by high-profile consumer data security breaches in the US, Germany and elsewhere. Not surprisingly, there have long existed specific requirements for the collection and use of consumer data in the context of online retailing, for example in the US. Other countries, notably China, are now also regulating consumer privacy, and there are more changes to come, particularly in the EU.


Continue Reading

This post originally appeared in DLA Piper’s Sports, Media and Entertainment Blog

By Patrick Van Eecke & Elisabeth Verbrugge

The Global Privacy Enforcement Network (GPEN) recently released the results of the global privacy sweep of mobile applications it conducted in May 2014.

More than 25 privacy commissions around the world examined a total of 1,211 mobile apps. The sweep targeted both Apple and Android apps, both free and paying apps, both public and private sector apps and covered a variety of different types of apps, ranging from games over health apps to banking apps. The privacy commissions’ reviews focused in particular on transparency and consent.


Continue Reading

Reposted from Cybersecurity, Privacy and Data Security, Security Breaches, Technology and Commercial

By: Tara Swaminatha and Aravind Swaminathan

If your company has a Point of Sale (POS) terminal anywhere in its infrastructure, you are no doubt aware from the active media coverage that malware attacks have been plaguing POS systems across the country.

Just within the past week, the New York Times has reported that:

Companies are often slow to disclose breaches, often because of the time involved in immediately-required investigations;

Congress is beginning to make inquiries of data breach victim companies; and

Even those companies who have conducted cybersecurity risk assessments still get attacked, often during the course of implementing new solutions to mitigate potential problems and protect their customers’ payment cards or other personal information.

Former employees can be a source of information to the media about your efforts to investigate and secure your POS systems.


Continue Reading

Reposted from Data Protection, Privacy and Security Alert

By Michael Malloy and Pavel Arievich

There has been an important development in Russian Data Protection Law. On July 22, 2014 a new law amending the law on data protection and law on information was signed off by the Russian President and thus was officially adopted. The law, will come into force on September 1. 2016.


Continue Reading

By Scott W. Pink and Carissa Bouwer

California Attorney General Kamala Harris launched yet another shot across the bow of advertisers when she filed a complaint last week against Delta Airlines in San Francisco Superior Court alleging that Delta had distributed a mobile app without providing notice of its privacy policy in violation of the California Online Privacy Protection Act, enacted in 2004 (“California Online Privacy Act”). Advertisers will need to take note of this case and review their mobile applications to ensure they are in compliance with the California Online Privacy law.

The California law requires commercial operators of websites and online services to conspicuously post detailed privacy policies which inform consumers of the personal information that is collected from them and how that information will be used. Cal. Bus. & Prof. Code §§ 22575-22579. Although it is a California state law, it has ramifications for all app developers because the law applies to any operator of a website or online service that collects personally identifiable information about consumers residing in California. Personally identifiable information includes name, address, e-mail address, telephone number, social security number, and any other identifier that permits contacting a specific individual. California law provides for fines up to $2500 per noncompliant app that is downloaded by a California consumer. Id. at § 17200, et. al.


Continue Reading