What's Up With Facebook's Acquisition of WhatsApp?

WhatsApp, a messaging service that is often used for international texting and other services, is about to be gobbled up by Facebook, right?

Well, that is Facebook's plan. Indeed, Facebook intends to fork over a hefty $19 billion to acquire WhatsApp. However, that is not the end of the story.

[Read More]

mHealth App Use: Is Data Truly Protected?

One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps.  For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online.  iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Appthority found that while the app description states that it encrypts personal information, it only uses a common encoding scheme and does not protect user info when the consumer searches for information about a drug through the app.  Appthority also claims that the app sends personal information to advertising networks.  Another example of a legitimate privacy and security concern relates to cloud storage.  Many mHealth apps collect physiological data through sensors affixed to the body, store the data in the cloud, and provide the data to a physician or other provider.  If the cloud storage vendor does not provide adequate security protections, the provider could be implicated as a party to the app’s use.  mHealth apps offer tremendous opportunities to advance a more sophisticated and connected healthcare environment – but the modes of connection need to be solid from a data protection perspective.  Good risk management is key.   



FTC Investigates Facebook's Proposed Privacy Policies

The Federal Trade Commission (FTC) has launched an inquiry to determine whether Facebook's recently announced privacy policies violate an agreement to obtain express consent before revealing users' private information to new viewers.

According to The New York Times, the FTC claims Facebook's new policies require users to provide Facebook with broad permission to utilize their personal information in advertising. Facebook has fired back, stating that this requirement comes from a class action settlement to users who were unhappy that their names and images were used in Facebook ads to shill products to their friends.

Facebook privacy is already a tough subject, but will this inquiry reveal anything new?

[Read More]

NSA Seeks To Come Clean On Surveillance Practices

With potential reforms in the wind with respect to government surveillance practices, the National Security Agency (NSA) has issued a seven-page report that seeks to explain and justify its conduct.

The report, titled "The National Security Agency: Missions, Authorities, Oversight and Partnerships," begins with a quote from President Obama that calls for "reviewing the authorities of law enforcement, so we can intercept new types of communication, but also build in privacy protection to prevent abuse."

[Read More]

White House Enlists Help To Get Hip To Cyber Legal Issues

Back in the day, President Bill Clinton touted the development of the "information superhighway," and Vice President Al Gore not entirely accurately was reported to have stated that he had invented the Internet.

Since then, the Internet has exploded and grown exponentially. There have been many benefits, such as the potential to purchase a tremendous number of goods and services online, as well as the ability to communicate freely via social media portals such as Facebook and Twitter.

Of course, the Internet also presents risks. Indeed, the news frequently is filled with reports of privacy violations and security compromises.

In the wake of these realities, the White House now further seeks to get hip by hiring Twitter counsel Nicole Wong. She will occupy a new senior advisory position with an emphasis on Internet and privacy policy, according to Reuters. Wong will team with Chief Technology Officer Todd Park, with a White House aim of dedicating more efforts to combating hackers.

[Read More]

New FTC "Red Flag Rule" Guidance to Help Fight Identity Theft

The Federal Trade Commission recently issued revised its “Red Flag Rules” guidance.  The Red Flag Rules protect consumers by requiring businesses to watch for and respond to warning signs or red flags of identity theft.  The guidance outlines which businesses are covered by the Rule.  A copy of the guidance can be viewed at http://business.ftc.gov/documents/bus23-fighting-identity-theft-red-flags-rule-how-guide-business.


The Social Media Teen Generation

Today's teens certainly constitute the social media generation. And a recent study titled "Teens, Social Media and Privacy" by the Pew Research Center's Internet & American Life Project sheds light on this phenomenon.

[Read More]

Your Life in Photos: Privacy and a New Kind of Camera

What if you could capture your entire life in photos?  The New York Times reported that a Swedish company Memoto has developed a wearable camera that accomplishes just that. http://bits.blogs.nytimes.com/2013/03/08/meet-memoto-the-lifelogging-camera/. This application goes way beyond Instagram.

Memoto’s website says: "The Memoto camera is a tiny camera and GPS that you clip on and wear. It’s an entirely new kind of digital camera with no controls. Instead, it automatically takes photos as you go. The Memoto app then seamlessly and effortlessly organizes them for you." 

Read more about the pros and cons of this new device at the New Media and Entertainment Law Blog.


President Obama's Executive Order: 5 Ways To Improve Cybersecurity

Following his recent State of the Union address, President Obama issued an Executive Order entitled "Improving Critical Infrastructure Cybersecurity."

The Policy section of the Executive Order notes that repeated cyber intrusions into critical infrastructure demand improved cybersecurity. This section correctly points out that the threat to critical infrastructure "continues to grow and represents one of the most serious national security challenges we must confront."

Indeed, it is stated that the "national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats."

[Read More]

High Tech Replacing Familiar Favorites, But Low Tech Will Live On

Technology is advancing at warp speed, and the way we live is changing constantly. Indeed, what was once lifestyle bedrock is now going the way of the dinosaurs.

[Read More]

HHS (Finally) Issues HIPAA/HITECH Amendments

On January 17, 2013 the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The 2013 HIPAA Amendments (which, with commentary from HHS, weighs in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago. They involve a number of sweeping expansions to the existing HIPAA Rules including: (1) a broader definition of “business associates” (“BAs”) to include downstream subcontractors that handle protected health information (“PHI”) on behalf of BAs; (2) increased penalties for noncompliance, with a maximum penalty of $1.5 million per violation; (3) expanded individual rights, including the right to request electronic medical records; and (4) new limitations on the use of PHI for marketing and fundraising, or the sale of PHI; among other broad changes.   Read the full text here.  Duane Morris is preparing a fuller description of the 2013 HIPAA Amendments that will be distributed shortly. Please do not hesitate to contact Lisa Clark, lwclark@duanemorris.com, Neville Bilimoria, NMBilimoria@duanemorris.com, or your contact at Duane Morris for more information.  Thanks to Elinor Hart, EHart@duanemorris.com, for her prompt assistance with this breaking development.  


FTC Imposes a Record $22.5 Million Civil Penalty on Google for Privacy Misrepresentations

On August 9, 2012, the FTC announced that Google agreed to pay a record $22.5 million civil penalty to settle charges that it made misrepresentations to users of the Safari Internet browser when Google represented that it would not place cookies or serve targeted ads to those users.  In doing so, Google violated an earlier privacy settlement it had with the FTC.

FTC Chairman Jon Leibowitz said “[t]he record setting penalty in this matter sends a clear message to all companies under an FTC privacy order. . . “[n]o matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The FTC's aggressive enforcement is expected to continue and it is important that businesses review their privacy policies to ensure that the policies have not become dated and no longer represent the current data collection and maintenance practices of the business.

The FTC press release can be viewed at http://ftc.gov/opa/2012/08/google.shtm


California Spotlights Mobile Applications and Privacy: The Impact on the App (Including the mHealth) Industry

The relationship between privacy and mobile applications is coming into focus.  On February 27, 2012, the California Attorney General entered into a Joint Statement of Principles with the six largest mobile application companies – Apple, Google, H-P, Microsoft, Amazon and RIM – regarding consumer privacy and transparency issues when data is collected through an app.  http://ag.ca.gov/cms_attachments/press/pdfs/n2647_agreement.pdf. The Five Principles set parameters for good practice.  Although not legally binding, the AG promises to review compliance in the fall, and may use California laws on privacy, false advertising, unfair business practices and others as enforcement tools.  Since California often leads the way in privacy enforcement it is likely that other states will follow suit.    

What are the ramifications of this development for mobile medical (mHealth) apps?  A medical app developer must take into account privacy issues, particularly if it collects or assists with the collections of personal data.  In addition, a mobile medical app provider must consider any HIPAA requirements, such as would apply if the app was offered by a health care provider or payor to a consumer, or used internally (e.g. transfer of data by physicians in a hospital).  HHS has established an mHealth Initiative to review the emerging mHealth area and to develop guidance.  In sum, privacy is quickly becoming an important compliance area for mHealth stakeholders: device makers, software and app developers, platform providers, investors, health care providers and payors, and consumers.  Keep an eye on developments and enforcement activities in this area. 


FTC Released its Final Report Today on Best Practices for Businesses to Protect Consumer Privacy

Today, the Federal Trade Commission released its final report titled "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers."  http://www.ftc.gov/opa/2012/03/privacyframework.shtm

The report details best practices for businesses to protect the privacy of consumers.  Recognizing the burden on small businesses, the FTC says that the framework should not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year. 

In the report, the FTC addressed the following:

Do-Not-Track – the FTC will work with various groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system.

Mobile - the FTC continues to urge companies offering mobile services to work toward improved privacy protections, including disclosures. It will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.

Data Brokers – the FTC called on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data.  In addition, the website should detail the choices that data brokers provide consumers about their own information.

Large Platform Providers - The FTC cited heightened privacy concerns about the extent to which platforms, such as ISPs, operating systems, browsers and social media companies, comprehensively track consumers' online activities. It will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.

Promoting Enforceable Self-Regulatory Codes - the FTC is working to develop industry-specific codes of conduct.


Why You Should Buy PHI and PII Data Breach and Security Incident Insurance

Click here to read latest blog on Why You Should Buy PHI and PII Data Breach and Security Incident Insurance.

Duane Morris TechLaw

Duane Morris lawyers share their insights on developing legal issues which impact technology and business. Topics include e-commerce, cloud computing, outsourcing, security, privacy, social media, software, telecommunications and more.

« April 2014
© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.
The opinions expressed on this blog are those of the author and are not to be construed as legal advice.