Insights

Settlement about Privacy Misrepresentations:
On May 3, the Federal Trade Commission announced that it settled charges against two companies – Ceridian Corporation and Lookout Services, Inc. – for claiming that they would take reasonable measures to secure the personal information of the employees of their business customers, but failed to do so. The alleged misrepresentations about the companies’ data security measures became known to the FTC after security breaches occurred at both companies. The settlements bar misrepresentations by the companies, including misleading claims about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. The settlements also require the companies to implement a comprehensive information security program and to obtain independent, third-party security audits every other year for 20 years.

Hearing on Protecting Mobile Privacy:
The Senate Judiciary Subcommittee on Privacy, Technology and the Law held the subcommittee’s first hearing – “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy” – on May 10, 2011. Senator Al Franken (D-Minn.), Chairman of the subcommittee, invited representatives from Apple and Google. The Senate Committee on Commerce, Science, and Transportation also held a hearing on May 19 to address privacy concerns in connection with mobile technology. The hearings come in the wake of news that certain mobile devices store users’ location information in an unencrypted file. Senator Franken sent a letter to Apple CEO Steve Jobs setting forth his privacy concerns about the operating system used by Apple’s mobile devices and requesting information on why Apple collects such data, how it is generated, and whether users can disable the location tracking. Congressman Edward Markey (D-Mass.) sent a similar letter to Apple expressing his concerns. On April 27, Apple released a response on its website, to the letters. Apple also sent a letter to Representative Markey on May 6 which provides additional details regarding Apple’s collection, storage, and use of location information on Apple mobile devices.

Responses to Congressional Inquiry on Wireless Data Security:
On April 28, Congressmen Edward Markey and Joe Barton (R-Tex.) released the responses from the four major U.S. wireless carriers – AT&T, Verizon, Sprint, and T-Mobile – after the Congressmen wrote to the companies inquiring about their data collection, storage, and disclosure practices for customers’ personal information. The Congressmen expressed concern over customers’ use of independent third-party applications on their mobile devices, noting that third-party developers can access customers’ location data and personally identifiable information without the customer’s consent.

Congressional Inquiry After Data Breach:
A data breach of the Sony PlayStation Network occurred between April 17-19, 2011, potentially compromising the sensitive personal and financial information of 50 to 75 million users. Senator Richard Blumenthal (D-Conn.) wrote the President and CEO of Sony Computer Entertainment America demanding answers over the company’s then-failure to notify customers of the data breach and asking the company to provide customers with free data security services and insurance from the possible financial consequences of identity theft. On April 28, Senator Blumenthal called for the U.S. Department of Justice to investigate the breach. A second Sony data breach, which reportedly occurred days before the larger breach, may have compromised approximately 25 million customers’ personal information, including debit and credit card numbers.

Settlement of Do Not Call Registration Violations:
On April 21, the Federal Trade Commission announced that it reached a $100,000 settlement with Electric Mobility Corporation, the manufacturer of scooters used by disabled and elderly persons, and its owner to resolve allegations that the company illegally called more than three million consumers on the national Do Not Call Registry. The consumers had entered a sweepstakes promotion by Electric Mobility and provided their telephone numbers on the entry forms so that they could be contacted if they won. The FTC alleged that the sweepstakes entry form did not establish a business relationship with the consumer that would exempt the company from the Do Not Call provisions of the FTC’s Telemarketing Sales Rule. The settlement bars Electric Mobility from using sweepstakes entries as the basis for claiming an established business relationship with any consumer and also includes monitoring and reporting requirements. In addition, the settlement imposes $100,000 in civil penalties against the owner of Electric Mobility, and the company itself is subject to a $2 million penalty, which is suspended based on its inability to pay.

Department of Commerce Privacy and Security Initiative:
On April 15, the U.S. Department of Commerce launched the administration’s National Strategy for Trusted Identities in Cyberspace, an administrative initiative that aims to foster private sector development of new technologies that can improve both the privacy and the security of sensitive online transactions. More information on this latest initiative can be found at www.nist.gov/nstic.

Senate Introduces Commercial Privacy Bill of Rights:
On April 12, Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) introduced “The Commercial Privacy Bill of Rights Act of 2011” which establishes a framework for companies to protect the personal information of consumers and grants the Federal Trade Commission privacy rulemaking and enforcement authority and the authority to approve industry-created safe harbor programs. Senator Kerry’s website has posted the text of the new legislation, as well as a section-by-section summary of the Act.