Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

Posted by Ronald London

After watching the Federal Trade Commission in America tout the success of the National Do-Not-Call Registry over the past several years, with most recent FTC estimates indicating that over 120 million phone numbers appear on the U.S. list, Australia has joined Canada among countries seeking to emulate the United States' approach to staunching unwanted phone calls. Presently, the webpage of the Canadian Radio-television and Telecommunications Commission ("CRTC") shows the agency to be at the tail end of a public comment period on a proposed national do-not-call list. According to one source, the Canadian list is expected to be operational approximately a year from now. Among other provisions, the proposed rules would impose fines of up to $1,500 for individuals and $15,000 for companies that fail to honor a do-not-call registration. As with the U.S. registry, Canadian law allows exemptions for charities, surveys, and political calls, as well as calls made to a recipient with which the caller has an "established business relationship."

• Email This
• Print
• Comments
• Share Link

Posted by Joseph Vance

A growing number of employers are offering employees a new type of benefit: identity theft resolution services. According to a recent Wall Street Journal article, Rite Aid Corp, Reed Elsevier PLC, and Qwest Communications International Inc. are among the companies that have recently started offering identity-theft resolution services to their employees as a workplace benefit.

• Email This
• Print
• Comments (3)
• Share Link

Posted by Bruce Johnson

Last week saw two very important privacy opinions, from opposite sides of the country.

First, on May 23, 2006, the Second Circuit dismissed (without reaching the merits) two appeals involving so-called "National Security Letters" -- unilateral notices from the United States Government demanding certain information from internet service providers, librarians, and others and commanding the recipient not to communicate the fact of the NSL to "any person" -- in Doe v. Gonzales, because of the effect of recent amendments to the USA Patriot Act. (The changes specified that an NSL may now be reviewed by a court and explicitly allowed those who receive the letters to inform their lawyers about them -- and, so, the cases were sent back to the trial courts for further proceedings.)

• Email This
• Print
• Comments
• Share Link

Posted by Joseph Addiego

On May 15, 2006, the California Court of Appeal issued a noteworthy decision that reinforces the privacy rights of employees who are potential plaintiffs in class action lawsuits against their current employers.

• Email This
• Print
• Comments
• Share Link

Posted by K.M. Das

A few weeks ago, we discussed Attorney General Gonzales's speech to the staff of the National Center for Missing and Exploited Children that the United States might soon implement data retention rules for ISPs. CNet's News.com reported on Tuesday that Wisconsin Representative F. James Sensenbrenner, chairman of the House Judiciary Committee, will soon be announcing legislationて羡he Internet Safety Actて羡hat would require the Attorney General to "issue regulations governing the retention of records by Internet Service Providers. Such regulations shall, at a minimum, require retention of records, such as the name and address of the subscriber or registered user (and what) user identification or telephone number was assigned" to the subscriber or user.

• Email This
• Print
• Comments
• Share Link

Posted by Peter Mucklestone

Mutual funds must start filing Suspicious Activity Reports (SARs) on suspicious transactions according to a final rule issued by the Financial Crimes Enforcement Network (FinCEN). This new requirement becomes effective 180 days after the date of publication of the final rule in the Federal Register, which was May 4, 2006.

• Email This
• Print
• Comments (1)
• Share Link

Posted by Brian Bennett

Here are a few other ways you'll be able to be ripped off in the future. As Radio Frequency Identification ("RFID") technology becomes ubiquitous, the ability of hackers to gain access to, or "clone," RFIDs will become more prevalent, even when the RFIDs are implanted in your arm. This article looks at some of the uses and vulnerabilities of RFID technology, which might be worth looking into before you agree to the implantation procedure.

• Email This
• Print
• Comments
• Share Link

Posted by Joseph Vance

A recent article in Law.Com discusses the security risks associated with the increased use of laptops by lawyers. Obviously, laptop security is not only an issue that effects lawyers. And, it seems that despite a pretty steady drumbeat the last several years regarding the need to be vigilant with laptop security, the warning is going unheeded by many. (See our prior entry regarding a report of increased laptop thefts from cars in Silicon Valley.)

• Email This
• Print
• Comments (1)
• Share Link

Posted by Ronald G. London

The Federal Trade Commission has announced a proposed consent decree between the government and Nations Title Agency, Inc./Nations Holding Company arising from alleged privacy and security breaches at the companies, as a result the disposal of consumers' confidential data in an unsecured dumpster and hacking of the companies' computers. Nations Title provides a variety of services in connection with financing home purchases and refinancing existing mortgages, while Nations Holding provides real estate services in 44 states. Accord❽ing to the FTC, the companies failed in their promise to consumers to maintain "physical, electronic and procedural safeguards" that protect confidential information, which the companies routinely obtained from banks, real estate brokers, and consumers, and which included names, Social Security numbers, bank and credit card account numbers, and credit histories. The consent decree requires Nations to refrain from making future deceptive claims about its privacy and security measures, to adopt a comprehensive information security program, and to undergo audits by an independent third-party security professional every other year for the next 20 years. This brings to over a dozen the number of cases the FTC has brought challenging data security practices, and it vowed to "bring more if companies continue to fail consumers."

• Email This
• Print
• Comments
• Share Link

Posted by Peerapong Tantamjarik

In today's New York Times Dr. Klitzman, a psychiatrist at Columbia University, writes a short essay describing how a mother reviewed her paper medical chart at a clinic and, without informing any clinic staff, removed certain pages from her records. Those pages contained information revealing that she was at risk for Huntington's Disease, a fatal genetic disorder for which famous folk singer, Woody Guthrie, died of. As the mother put it, "I stole it for my kids' sake" - which is not all too hard to fathom. She was frightened that because Huntington's is hereditary, her kids would be denied health coverage if insurance companies found out about it.

• Email This
• Print
• Comments
• Share Link

Posted by Randy Gainer

Senator Arlen Specter attempted to attach an amendment to the Senate version of the Supplemental Appropriations bill that was passed by the Senate on May 4, 2006. The amendment would have prevented government agencies from using any funds "appropriated by this or any other Act" to carry out the NSA program acknowledge by President Bush on December 17, 2005, or to carry out any related programs unless the administration briefed the House and Senate Intelligence Committees about the programs. The proposed amendment, SA 3679, was rejected by the Senate.

• Email This
• Print
• Comments
• Share Link

Posted by Merrill Baumann

Last week the Department of Justice and Attorney General's office issued, in a brief letter, the "report" required under the Foreign Intelligence Surveillance Act summarizing activities in 2005 at the Foreign Intelligence Surveillance Court, the organization that issues warrants for surveillance requests. Of the 2,074 secret surveillance requests in 2005, two were withdrawn by the government before the FISC ruled on them. And of the remaining 2,072 requests for electronic surveillance and physical searches, the FISC approved, well, 2,072 of them. That has a lot of people worrying over exactly how critical the FISC is. The American Bar Association, for example, is calling on Congress for increased oversight, and more stringent reporting requirements. The Electronic Privacy Information Center provides a good update on FISC activities here.

• Email This
• Print
• Comments
• Share Link

Posted by Peter Mucklestone and Stuart Louie

On April 25, 2006, the Department of the Treasury, Financial Crimes Enforcement Network issued a guidance statement in respect of Customer Identification Program ("CIP") responsibilities arising out of transactions where U.S. banks or broker-dealers ("Agent Lenders") arrange loans of securities to broker-dealers ("Borrowers") under the Agency Lending Disclosure Initiative. In a typical agency lending transaction, an Agent Lender agrees to make securities (held by such Agent Lender on behalf of its customers ("Customers")) available to be loaned to Borrowers through Agent Lender's securities loan program. Other than imposing certain lending requirements and receiving periodic reports regarding loan transactions involving its securities, the Customers have virtually no role in the transaction. The master loan agreement is entered into between the Agent Lender and the Borrower and the Borrower typically records the loan transaction in an account in the name of the Agent Lender. Under the Agency Lending Disclosure Initiative, the Agent Lender, after the fact, will provide to Borrower information regarding the identities of the Customers whose securities have been loaned to the Borrower; however, the disclosure of such information is typically limited to certain personnel of Borrower responsible for credit risk management and regulatory capital reporting.

• Email This
• Print
• Comments
• Share Link

Posted by Joseph Addiego

This week it was reported that a proposed law dubbed the Intellectual Property Protection Act of 2006 is set to be introduced to Congress by Rep. Lamar Smith, who serves as the chairman of the House Subcommittee on Courts, the Internet, and Intellectual Property, which has jurisdiction over copyright law and information technology, among other things. The proposed bill aims to put more teeth into anti-piracy laws by expanding the types of punishable criminal offenses and their related penalties. For example, attempted criminal piracy, even if the attempt fails, would be a punishable offense as long as the attempt was willful. In addition, the punishment for certain criminal copyright offenses would be doubled.

• Email This
• Print
• Comments
• Share Link