FTC Staff Report on ISP Privacy Practices Paves the Way for an FTC Privacy Rulemaking in the New Year

Share

Following up on a mandatory 2019 request for information issued by the Federal Trade Commission (FTC) to the largest Internet Service Providers (ISPs) in the United States, the FTC staff in late October issued a Report titled – A Look at What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers. Among the agency staff’s general findings on ISP data collection and use practices, the most striking perhaps is the apparent degree of integration among ISPs and advertisers with respect to their data collection and use practices. The report also highlights the tools ISPs offer to customers to either manage or control many types of ISP data collection and use.

The information presented in the Report is aggregated and de-identified and has been supplemented with information gathered from follow-up FTC staff questions and meetings with the ISPs that were the subjects of the FTC information request. The Report’s summary of information on real-world ISP data practices could prove useful as Congress wrestles with the potential for federal privacy legislation and states review the need for legislation.

Continue reading “FTC Staff Report on ISP Privacy Practices Paves the Way for an FTC Privacy Rulemaking in the New Year”

New Workplace Privacy Legislation Requires New York Private Employers to Inform Employees of Electronic Monitoring

Share

On November 8, 2021, New York Governor Kathy Hochul signed new workplace privacy legislation (A.430/S.2628) into law. Beginning in May 2022, private employers with a “place of business” in the state of New York will have to inform their employees if the employer “monitors or otherwise intercepts” telephone conversations, e-mail, or internet access or usage “of or by an employee by any electronic device or system.” This legislation does not apply to state or local government employers.

Continue reading “New Workplace Privacy Legislation Requires New York Private Employers to Inform Employees of Electronic Monitoring”

Zombie PHR Breach Rule Rises From the Dead

Share

If an entity that offers a personal health record identifies a breach of information in that record, it is required to provide notice to each impacted individual and to the FTC within 60 calendar days of discovery.

Yesterday, the FTC issued a policy statement announcing a new interpretation of the FTC’s 10-year-old “Personal Health Record Breach Notification Rule.” As the FTC acknowledges, this rule has never been enforced by the FTC. The FTC’s announcement indicates its intention to begin enforcing this rule, which allows the FTC to assess penalties of $43,792 per day of violation.

Continue reading “Zombie PHR Breach Rule Rises From the Dead”

Colorado Privacy Act: The Patchwork of State Privacy Regimes Grows

Share

With Colorado Governor Jared Polis expected to sign the Colorado Privacy Act, SB-190 into law in the coming days, Colorado will join California and Virginia as the third state with a comprehensive data privacy law.1 The Colorado Privacy Act (“CPA”)—which passed with bipartisan support in both the Colorado House and Senate—is similar, but not identical, to the California and Virginia data privacy laws. Although its provisions will not take effect until July 1, 2023, the passage of the CPA grows the patchwork of state privacy regimes and may spur further calls for a uniform federal standard, as compliance for businesses becomes increasingly complicated.

Continue reading “Colorado Privacy Act: The Patchwork of State Privacy Regimes Grows”

Faegre Drinker on Law and Technology Podcast: Privacy Issues and COVID-19

Share

Privacy issues and COVID-19: what do they mean to you and your business? In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with Faegre Drinker’s Reed Abrahamson about the pandemic’s impact on privacy and data security. They examine how organizations are working to balance obligations to simultaneously protect data and their employees’ well-being — along with the risks employers should consider when collecting COVID-related employee information.

Continue reading “Faegre Drinker on Law and Technology Podcast: Privacy Issues and COVID-19”