Wright Will Be Missed at FTC

(Aug 28, 2015) While some critics painted him as anti-privacy, Arnall Golden Gregory Partner Bob Belair argues in a post for Privacy Perspectives that recently resigned FTC Commissioner Joshua Wright’s record shows that criticism to be unfair. Rather, his perspective on privacy will be missed at the FTC, as it was unique among the commissioners. “Should the privacy community care about Wright’s departure?” Belair writes with AGG Associate Maayan Lattin, “I think so.”Full Story... Read More

Wright Will Be Missed at the FTC

(Aug 28, 2015) This week, Commissioner Joshua D. Wright left the Federal Trade Commission (FTC) to return to his faculty position at George Mason University. Wright was one of two Republican commissioners and, in his almost three-year tenure at the Commission, Wright focused mostly on the FTC’s antitrust responsibilities. That being the case, should the privacy community care about Wright’s departure? I think so. Many privacy advocates have criticized what they see as Commissioner Wright’s overly empirical, ... Read More

Research: Government Failing on PIAs

(Aug 27, 2015) The government “has failed to conduct proper privacy impact assessments (PIAs) on almost 90 per cent of the national security measures it has passed in the last 14 years,” ABC News reports. That’s according to independent research by privacy advocate Roger Clarke, the report states, noting that since the Sept. 11, 2001, terrorist attacks, “Australia has passed about 72 security-related measures—from increasing electronic spying, to metadata and biometrics,” but “only 20 of those laws had a... Read More

SEC Won’t Penalize Target for Breach

(Aug 26, 2015) The Securities and Exchange Commission (SEC) has decided not to penalize Target for its 2013 cyber-attack, which resulted in the exposure of millions of customers’ data, StarTribune reports. The SEC was one of several government entities investigating the company following the breach, the report states. In Target’s quarterly results document, which was filed with the SEC and published online for Target’s investors, the company said the SEC’s investigation had ended and that it “does not intend t... Read More

Wyndham: Easy Cases Make Good Law

(Aug 25, 2015) As Justice Oliver Wendell Holmes once wrote, hard cases make bad law; the corollary, perhaps, is that easy cases make good law. That was certainly true in Wyndham Hotels v. Federal Trade Commission (FTC), which pitted the hotel chain, whose allegedly appalling data security practices led to persistent leaks of customer information, against the federal trade regulator. On Monday, the U.S. Court of Appeals for the Third Circuit dealt the FTC a resounding legal victory—and Wyndham a stinging defeat... Read More

Meet Hong Kong’s New DPA

(Aug 25, 2015) Earlier this month, Stephen Wong assumed the post of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) for the next five years. Wong is no stranger to pressure-packed offices. He worked for 10 years in the public prosecutor’s office early in his career, tackling murder cases and high-level white-collar crime, before moving into human rights law and helping to pass the 1991 Hong Kong Bill of Rights Ordinance. Most recently, he has been working in private practice and with the Law Reform Commission of Hong Kong, which has prepared him well for the his work as PCPD. Read More

Singapore PDPC Advises on Breach Aftermaths

(Aug 25, 2015) The privacy regulator in Singapore recently provided a how-to guide for managing data breaches. The guide sets out some practical steps that organizations may choose to follow when personal data has been compromised and includes expectations on when to notify, Adrian Fisher reports. Read More

Court of Appeals: FTC Has Jurisdiction in Wyndham Case

(Aug 24, 2015) The U.S. Court of Appeals for the Third Circuit has rejected Wyndham Worldwide Corp.’s effort to end a Federal Trade Commission (FTC) case alleging Wyndham failed “to secure its computers from Russian hackers,” BloombergBusiness reports. While the FTC said it has the power to bring enforcement actions against companies that fail “to take reasonable steps to prevent breaches,” Wyndham argued that if the FTC’s jurisdiction extends that far, it might as well have the power “to regulate the locks on... Read More

DPA Fines Data Seller, Purchaser

(Aug 20, 2015) The Bavarian Data Protection Authority (DPA) recently fined both a seller and purchaser “for unlawfully transferring customer data as part of an asset deal,” JDSupra reports. Citing the economic value of customer data, the report notes, “It frequently happens that a company tries to sell these high-value assets to another company as part of an asset deal.” In the Bavaria DPA case, the report states, “transferring customer email addresses requires prior customer consent or, alternatively, custome... Read More