Tag Archives: data

Another State Passes Law to Protect Consumer Data

States are taking online consumer protection into their own hands given a perceived lack of sufficient protection at the federal level. Maine now has jumped in.

Indeed, Janet Mills, the Governor of Maine, just signed into law arguably one of the strongest privacy bills in the country. This law, called the Act to Protect the Privacy of Online Consumer Information and which goes into effect on July 1, prohibits internet service providers from using, selling, or distributing data from consumers without obtaining their consent. And, according to The Hill, this new state law bars internet service providers from refusing to serve consumers, penalizing consumers or offering them discounts to seek to gain their permission to sell their data.

Consumer Affairs and Privacy

This bold step by Maine follows in the footsteps of California, a state which passed a complicated online privacy law last year. That law has been both applauded by privacy activists and criticized in certain respects by the tech industry.

At first blush, the new Maine law may be even more robust than the California law. The Maine law is opt-in in nature, requiring explicit consent from consumers before internet service providers can sell their data. The California law is opt-out in effect, making consumers affirmatively request that their data not be sold.

So, what is the genesis of the Maine law? It seems patterned after a prior Federal Communications measure — a measure that was removed by the Trump administration in 2017. Perhaps it is because of this nullification that states are entering the fray to seek greater consumer protection.

This is reminiscent of when states passed laws dealing unsolicited commercial email before Congress enacted the Can-Spam Act at the federal level. It also is a reminder of the various state laws addressing data breach notifications.

Legislative Patchwork and Protection

The creation of a patchwork of different state laws is not necessarily ideal. It is difficult for internet service providers to know how to guide their practices, when their customers are located in various states with different laws.

When in doubt, in such a context, internet service providers arguably would be best served by honoring the dictates of the state with the most strict law on the books — to make sure that they are not violating any law. If they are complying with the strictest law, they then also should in compliance with more permissive laws in other states. (Internet service providers obviously should seek specific legal advice from skilled counsel).

A strict law in just one state, even a small state like Maine, can have a major impact when the federal government creates a void.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him atejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.

Getting Serious About Cybersecurity

Hack attacks have been in the news for a while. But the most recent headlines seem to indicate that hackers are far outpacing security efforts to contain them.

In the last week, we have learned that a major health insurer was compromised, possibly exposing the data of 80 million health accounts. Data relating to medical patients is very sensitive, and the number 80 million is staggering in scope. And there have been indications that other health insurers might be vulnerable, meaning that 2015 could be the year of health insurance hacks.

On top of that, we just learned that “Anonymous” hackers have attacked the website of the President of the European Parliament. So, this tells us that not only is medical information unsafe, but government officials are not able to protect themselves from hackers. Continue reading Getting Serious About Cybersecurity

Duane Morris Partner Eric Sinrod to Moderate Panel on “Data Portability”

Duane Morris partner Eric Sinrod will moderate a panel on “Data Portability” at the 10th Annual Standford E-Commerce Best Practices Conference on Friday, June 28, 2013, at Stanford Law School.

The Stanford E-Commerce Best Practices Conference is the premier educational event for in-house counsel and practitioners in the e-commerce industry. Leading insiders from industry, legal practice and academia will address current issues facing the industry and offer practical solutions for dealing with the many legal uncertainties that arise when doing business online. The program will feature a roundtable of general counsel from leading e-commerce companies and will provide perspectives on a wide-range of current topics.

Click here to learn more.

Hackers Increasingly Target Colleges, Universities

All sorts of businesses and organizations are potentially vulnerable to hackers. Educational institutions are no exception, as highlighted by a recent example involving Northwest Florida State College.

One or more hackers accessed a folder on the school’s main server from May through September, according to a memo from the College’s President to all employees. The folder contained multiple files.

Continue reading Hackers Increasingly Target Colleges, Universities

How Many Millions of Children are on Facebook?

Many web sites prohibit children under the age of 13. It’s not necessary out of altruism, but because the Children’s Online Privacy Protection Act (COPPA) contains various provisions and requirements concerning special treatment that must be accorded to the children.

The statute is designed to protect young children from web sites that might seek to exert influence over them by obtaining personal data and marketing to them. Indeed, web sites are required to get verifiable parental consent before allowing such children to participate and they must follow certain rules to safeguard their privacy.

Continue reading How Many Millions of Children are on Facebook?

Protecting Personal Information In Borders Bankruptcy Proceeding

Borders has long collected personal information from customers and promised that such information would not be disclosed without consent. In light of that and Borders’ current bankruptcy proceedings, the FTC has sent a letter to the consumer privacy ombudsman overseeing the Borders bankruptcy that seeks the protection of customer personal information.

The FTC’s letter appears prompted by its understanding that customer personal information held by Borders is scheduled to be auctioned and thereafter there will be a sale hearing.

Continue reading Protecting Personal Information In Borders Bankruptcy Proceeding