Following the lead of California, Virginia is set to become the second U.S. state to enact comprehensive consumer privacy legislation. Virginia Governor Ralph Northam is expected to sign the Consumer Data Protection Act (“CDPA”) into law, which will go into effect on January 1, 2023. As it may take businesses some time to make sure they are in compliance by the January 1, 2023 effective date, it is recommended that businesses review their current privacy practices and make any necessary changes.
As many businesses may be aware by now, California recently enacted sweeping new laws governing the collection, use and management of personal information. The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 has many businesses struggling to understand the application of the law and exactly what a business needs to do to comply. In an effort to clarify some aspects of the law, California issued draft regulations in October 2019 that provided some guidance to businesses, and those draft regulations continue to be revised as late as March 11, 2020. While still not finalized, the revised CCPA draft regulations offer some clarification, and open up more questions, on certain issues.
Olshan Partner Andrew Lustigman and Associate Mason Barney Discuss Recent Actions for how Companies Approach Cybersecurity.
Cyber-liability coverage cannot be addressed in a one-size-fits-all fashion.
Andrew Lustigman spoke at the Direct Marketing Association and Mobile Marketer's 6th Annual Mobile Marketing Day.
Andrew Lustigman to speak at the fourth annual Mobile FirstLook: Strategy 2015 conference on January 15.
Complaint says Ring Pop promotion violated children’s privacy law, serves as an important reminder of COPPA.
Lustigman discusses the non-appealable decision recently made by the highest court in the European Union, that Google must, in some cases, honor requests from its search engine users to delete links to personal information.
Effective January 1, 2014, a modification to a California law now requires any "operator of a website or online service that collects personally identifiable information" through the Internet on California residents to include new do-not-track disclosures in its privacy policy.
One of the drafting tasks attorneys are increasingly faced with is to create privacy policies for their clients' websites and other online resources.
On November 27th, 2013, the European Commission announced that it would not suspend the safe harbor agreement between the EU and the United States that has allowed cross-border personal data transfers between the two jurisdictions since 2000.
Of Counsel Jonathan Ezor contributed extensively to a Law360 (subscription required) article about the obstacles European Union companies will face as they attempt to join in "big data" business.
By William MacDonald*
In a speech yesterday to the American Advertising Federation new Federal Trade Commission Chair Edith Ramirez urged the advertising industry to give consumers "effective and meaningful privacy protection" by agreeing on a global standard that would let consumers signal with their browsers to websites, advertising networks and data brokers that they do not want their online activities monitored for marketing purposes.
Recently, 79-year old model Gita Hall May ("Hall") filed suit against Lions Gate Entertainment in Los Angeles Superior Court, alleging that the opening title sequence of the hit show "Mad Men" uses her iconic image without permission.
By William MacDonald*
In response to alleged industry inaction, Senator Jay Rockefeller (who plans to retire at the end of next year) recently reintroduced a bill, the "Do-Not-Track Online Act of 2013", that would require all Web browsers, online companies, and app makers to give users a choice of opting-out of being tracked online.
On the same day that the FTC released its new report on mobile privacy, the Commission also announced its latest online mobile privacy enforcement action, an $800,000 settlement with the operator of the Path social networking app.
On February 1, 2013, the FTC released its latest privacy-focused report, Mobile Privacy Disclosures: Building Trust Through Transparency.
By William MacDonald*
Yesterday the Federal Trade Commission (the "FTC") announced that it had entered into a settlement agreement with online advertising network, Epic Marketplace Inc. ("Epic"), that bars the company from continuing to use history sniffing technology, which allows online operators to "sniff" a browser to see what sites consumers have visited in the past.
By William MacDonald*
Late last Friday a federal judge in California rejected a proposed settlement in response to a lawsuit claiming that Facebook's "Sponsored Stories" advertising program violated California law by publicizing users' "likes" of certain advertisers without paying them or giving them a way to opt out.
Sanity has prevailed in a Southern California lawsuit concerning the sending of text messages. A lawsuit claiming that the simple acknowledgment of an opt-out request violated the Telephone Consumer Protection Act (TCPA) was dismissed.
Also by Nina Krauthamer*
Applications for new .NGO and .ONG domain extensions, reserved exclusively for charities, non-profits and NGOs, may be available as early as January 2013.
The New Jersey Assembly is currently considering 2012 New Jersey Assembly Bill No. 2578, a bill that would authorize Internet gaming in Atlantic City casinos under certain circumstances.
A federal appeals court affirmed that companies using automated dialers can be sued for calling a telephone number, even if they had permission to call the number from the prior subscriber to that phone number.
The Federal Trade Commission settled with "Green Millionaire Book" promoters. The FTC alleged the defendants lured consumers with a supposedly "free" book falsely promising that it would show them how to power their cars and homes at no cost, and then billed them for an online magazine they never ordered.
Social media sites such as Twitter and Facebook are gaining in popularity with companies and individuals using these valuable tools as a quick and cost-effective way of promotion and advertising.
The FTC alleged that social media website RockYou knowingly collected approximately 179,000 children's email addresses and associated passwords during registration - without their parents' consent - and enabled children to create personal profiles and post personal information on slide shows that could be shared online.
Olshan counsel Jonathan I. Ezor recently published an opinion piece in Long Island Business News regarding online privacy and small business.
As more people of every demographic become regular users of social media services, evidence arising out of social media postings is playing a much greater role in litigation.
The General Counsel of the National Labor Relations Board ("NLRB") released a report on January 24, 2012 summarizing its decisions in recent unfair labor practice cases involving employer responses to employee use of social media.
What happens when an employee amasses numerous "followers" on Twitter and then leaves the company and begins "tweeting" for a competitor?
An interesting opinion letter issued by the United States Department of Justice's Office of Legal Counsel may pave the way for legalized online gaming in the United States.
Kindle Fire's unusual Web browser, called Amazon Silk, is" cloud-accelerated," and raises concerns.
On September 2, 2011, a National Labor Relations Board Administrative Law Judge declared that a Buffalo, New York not-for-profit employer violated the National Labor Relations Act when it discharged a group of employees who engaged in a Facebook discussion in which they criticized their supervisor and complained about poor working conditions.
The Federal Trade Commission will be revising the "Dot Com Disclosures: Information About Online Advertising."
The Ninth Circuit Court of Appeals ruled in Simonoff v. Expedia, Inc., that an email receipt displayed on a computer screen is not an electronically printed receipt under the Fair and Accurate Credit Transactions Act (FACTA).
Jonathan I. Ezor is one of the organizers of the upcoming 140 Characters Conference: Long Island, being held at Touro Law Center in Central Islip, NY on May 26th, 2011.
Lustigman Firm attorneys Andrew Lustigman and Jonathan I. Ezor were recently featured in two Mobile Marketer articles by Chantal Tode about cases brought against Google involving smartphone privacy and data collection.
States are exploring a variety of methods to improve their collection of tax revenues from purchases made by their residents from out-of-state online and mail-order retailers.
The Supreme Court's March 1, 2011 decision in Federal Communications Commission et al. v. AT&T, Inc., may significantly limit a corporation's right to assert privacy protections relating to its affairs.
Two important privacy bills were recently introduced in the House: the Best Practices Act and the Do Not Track Me Online Act. Here are details.
On November 4, 2010, the Appellate Division (1st Department) of the New York State Supreme Court issued an opinion in the so-called Amazon Tax case.
Jonathan I. Ezor continues his frequent presentations on the business and legal aspects of social media.
On August 26, 2010, the Oklahoma Tax Commission enacted emergency regulations under state law HB 2359, a new law that includes sales tax obligations for out-of-state retailers, which went into effect on July 1, 2010.
In its first announced enforcement action arising out last year's revised Guides Concerning the Use of Endorsements and Testimonials in Advertising, the FTC has agreed to settle a case brought against Reverb Communications, a P.R. agency.
At a recent Congressional hearing, Federal Trade Commission Chairman Jon D. Leibowitz said that the agency is considering assessing the viability of a do-not-track list for online advertising modeled on the national "do not call" list utilized in telemarketing.
The Federal Trade Commission announced that it is further extending its deferral of enforcement of the Identity Theft Red Flags Rule through December 31, 2010...
The FTC's Red Flags Rule (http://www.ftc.gov/redflagsrule), which requires covered organizations to implement a written identity thefts prevention program, is slated to go into effect on June 1, 2010.
In response to a call by four U.S. senators and others for greater oversight into the use of personal information by social networks like Facebook, the FTC announced Tuesday (according to the Washington Post) that it was going to examine these networks' collection and use of data and "develop a framework governing privacy going forward."
In addition to the ongoing fight between Amazon.com and states seeking to levy sales taxes based on its associates (affiliate) program, the retailer has recently brought a lawsuit against the state of North Carolina.
At the recent ABA Roundtable on Social Media Law co-sponsored by The Lustigman Firm, one of the topics of discussion was the FTC's enforcement of the Children's Online Privacy Protection Act of 1998 ("COPPA").
New York led the way with its "Amazon Tax," which extended "nexus" for sales tax purposes to the 3rd party affiliates who referred deals to Amazon.com via its Associates Program, leading to a lawsuit from Amazon and other retailers.
On February 24, after a case lasting more than two years, an Italian court convicted three Google executives, including its global privacy counsel Peter Fleischer, of criminal invasion of privacy, and sentenced the men to six months in jail (although the sentences were automatically suspended under Italian law).
On February 25, 2010, the FTC announced a settlement with ControlScan, a company that certifies the privacy and security of online retailers, over charges of misleading consumers. According to the FTC's release, ControlScan's seals promised consumers that it had reviewed sites' information security practices, although ControlScan performed "little or no verification" of the sites' protections.
One of the most valuable features of the Web as a business medium is interactivity, the ability of a company to create a dialog with its customers (current and future) via the Web site.
The Federal Trade Commission is once again delaying enforcement of the "Red Flags" Rule from November 1, 2009 until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.
On October 29, 2009 the District Court for the District of Columbia ruled that the FTC cannot force practicing attorneys to comply with Red Flags Rule.
According to a 10/20/09 release from the FTC, children/teen fashion company Iconix (which includes brands such as Mudd, Candie's, Bongo and OP) has agreed to pay a $250,000 fine as a penalty for violating the Children's Online Privacy Protection Act (COPPA).
140: The Twitter Conference, presented by the Parnassus Group, is currently in its second day at the Skirball Center in Los Angeles.
The U.S. Court of Appeals for the Second Circuit recently considered the case of Yahoo!'s LAUNCHcast, an Internet radio station that provides listeners with individualized webcasting, and ruled that LAUNCHcast was not an "interactive service" under the Digital Millennium Copyright Act.
In a significant victory to marketers and the press, the Maine Attorney General has agreed not to enforce the state's Predatory Marketing Law when it is scheduled to take effect on September 12, 2009.
One of the complaints frequently leveled against attorneys is that they speak, and write, a language foreign to all other people: legalese.
Matt Blumberg, CEO of e-mail marketing firm ReturnPath, recently wrote a blog entitled "Stuck in Legal", where he bemoaned how the lawyers he works with seemed to be getting in the way of the business he's trying to do, especially when it comes to contracts.
One of the biggest concerns among visitors to Web sites is how their personal information is going to be used. This isn't a new development; back in March of 2000, BusinessWeek did a cover story on Internet privacy, including a survey showing that the vast majority of users were either very or somewhat concerned about how their information would be used.
On Thursday, August 6, 2009, the microblogging serviceTwitter was hit with a dedicated denial of service (DDOS) attack, an Internet-based effort that clogged and ultimately shut down Twitter's servers until the company could launch a defense.
The Federal Trade Commission recently announced that it was postponing the implementation of the Red Flags Rule from August 1, 2009 to November 1, 2009.
In a July 29, 2009 press release, the FTC announced that was going to once again extend the deadline for compliance with the Red Flags Rule, as it has in the past.
The following is an excerpt from The Lustigman Firm's Jonathan I. Ezor's new free e-book Shooting From the Hip: Managing the Risks of Portable Computing and Smartphones in Your Business.
As we have discussed multiple times in our blog and our recent Webinar, the efforts by states (led by New York) to impose new sales tax collection burdens on affiliate marketers continue to spread.
The Red Flags Rule is summarized by the FTC's release.
As described in this article from Reuters, FTC Chairman Jon Leibowitz told the Reuters Global Financial Regulation Summit in Washington on Monday, April 27th, 2009...
The Webinar covered both the overall legal concerns about running affiliate programs as well as the new tax law, Amazon's lawsuit and what merchants must do to comply with the law.
According to the joint press release, the American Association of Advertising Agencies (AAAA), the Association of National Advertisers (ANA), the Direct Marketing Association (DMA), and the Interactive Advertising Bureau (IAB) are "working together to develop enhanced self-regulatory principles for online behavioral advertising in order to address privacy concerns and to increase consumers' trust and confidence in how online information is gathered and used."
The April 2008 law required those online marketers with affiliate programs whose NY-based affiliates generated $10,000 or more in sales to collect and pay sales tax on all New York-bound shipments. Amazon.com had challenged the law as being unconstitutional.
New York's new tax on online sales generated by New York-based affiliate marketers is raising significant concerns for online retailers and affiliates, who are struggling to meet the State's evolving exemptions.
The New York Online Sales Tax (commonly known as the Amazon tax because of its presumed target Amazon.com), went into effect on June 1, 2008.
In what is likely to be a sign of things to come, major online retailer Overstock.com has decided to terminate its relationship with any affiliate based in New York in order to avoid remitting NY states sales tax under the "Amazon" tax law slated to take effect June 1st.
found in public domain, such as court records, real estate records and telephone directories. The company also offered businesses non-public personally identifiable information from credit reporting agencies - Equifax, TransUnion and Experian - and financial institutions.
Amazon.com has filed a lawsuit challenging New York State's new law forcing out of state online retailers to collect sales tax on shipments to state residents.
According to news reports, New York State will shortly enact a revision to its tax laws that will require online retailers such as Amazon.com, even if they have no offices or warehouses in NY, to begin collecting and remitting sales tax for purchases shipped into the state.
Jonathan Ezor has published an article on encryption and ethics for attorney-client e-mail in Law Technology News.
As recently reported in Direct, Washington-based adult website operator obtained a defense verdict in an action brought by the FTC who alleged that Impulse Media Group, Inc. violated the CAN-SPAM Act by virtue of the acts of its affiliate marketers.
The FTC's decision not to challenge Google's planned acquisition of DoubleClick on antitrust grounds opens the door for a potential merger that would combine the industry leaders in targeted portal and third-party advertising.
"When Spam Isn't Spam: An Unfiltered Look at Self-Regulation and the Law Behind E-mail," which was to be held on Monday, April 30 at Touro Law Center in Central Islip, NY, has unfortunately been postponed.
Last summer, e360 Insight, an e-mail direct marketer, brought a lawsuit against UK-based block list Spamhaus alleging defamation, tortious interference with contract and prospective economic advantage, and other claims.
Follow up regulatory action to that undertaken by the New York Attorney General previously reported in this blog, the Washington Post reports that the FTC is sending letters to approximately 200 major corporations whose ads the FTC believes to have run through deceptively installed spyware.
As reported in the Times of London, the founders of Neteller -- Stephen Lawrence and John Lefebvre a publicly-traded UK online payments company, were arrested in connection with a multibillion-dollar money laundering indictment linked to Internet gambling.
When Spam Isn't Spam: An Unfiltered Look at Self-Regulation and the Law Behind E-mail
Second Life was clearly generating the most buzz at the 28th Annual Promotion Marketing Law Conference in Chicago on December 12th. Second Life http:/www.secondlife.com is a massive multiplayer online role-playing game (MMORPG), where players create avatars that interact with each other in a large virtual world.
I write this from the departure gate at Kastrup Airport in Copenhagen, from which I am returning after presenting my paper "Busting Blocks: Appropriate Legal Remedies For Wrongful Inclusion In Spam Filters Under U.S. Law" at the International Conference on Business, Law and Technology.
New legislation, by Representative Jim Leach (Republican Iowa), was added to an unrelated bill on port security and passed by Congress.
Internet gambling and on-line fantasy leagues have recently come under attack by a variety of sources, including federal and state authorities as well as a private individual. These actions are yet another warning that games that require an entry fee and provide a monetary reward to the winner remain a high risk proposition.
On July 17, 2006, U.S. prosecutors announced that they had arrested David Carruthers, the CEO of BetOnSports, at Dallas-Fort Worth International Airport.
Click fraud continues to present a growing problem for search engines and their advertisers, because Google, Yahoo and other web portals get paid each time someone clicks on advertising links displayed on a search engine result regardless as to whether a sale or legitimate lead is generated.
As part of our ongoing discussion about the best practices and risks involving privacy and use of customer and employee information, here are 10 resolutions for businesses and organizations that want to be responsible about privacy:
Community is one of the most powerful ways to build brand loyalty, and an online discussion can be a great way to establish and nurture such a community.
The cases of employee and customer data breaches (discussed in our earlier blog entry) continue to increase, and even those we knew about are getting worse.
At the Privacy and Identity Theft: Protecting Your Company seminar on Long Island last week, the speakers (from the International Association of Privacy Professionals, the NAD and CA) spoke of many different issues, but one theme kept recurring: the damage to customer trust when information is lost by or stolen from a company.
The New York Times ran an interesting article this past Sunday (free registration required) about the ongoing battle between unsolicited commercial bulk e-mailers (aka spammers) and the software and service companies that provide tools to keep unwanted messages out of user e-mailboxes.