Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

Posted by Stuart Louie and Peter Mucklestone

This past Friday, the White House Office of Management and Budget issued new data protection security guidelines directed at federal civilian agencies. The guidelines address the protection of personal information of the millions of employees and citizens held by such agencies. The Office of Management and Budget has stated that it will work with the agencies’ inspector generals to implement these new guidelines within 45 days; however, stopped short of categorizing the guidelines as “requirements” and has instead labeled them as “recommendations.”  

• Email This
• Print
• Comments
• Share Link

By KM Das

In early February, I was saddened to hear that without any fanfare Western Union had sent its last telegraph. Although I was aware of the NSA’s warrantless electronic surveillance program at the time, I did not make the connection between the two news items at the time. With the revelation this past Thursday that the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) has been giving the Treasury Department all of its data on international wire transfer since soon after September 11, 2001, however, its hard to miss the connection. The Bush administration wants you to go back to sending telegraphs and wiring money through Western Union. It’s certainly no less credible an explanation than the explanation that this program, along with the NSA’s warrantless surveillance and telecommunications companies turning over their call data for data mining purposes, is meant to make us safer.

• Email This
• Print
• Comments
• Share Link

Posted by Peerapong Tantamjarik

An article today in the Jackson (MS) Clarion-Ledger reported that the state of Mississippi would receive a federal contract to implement the Health Information Security and Privacy Collaboration (HISPC).  HISPC is a national effort consisting of a multi-disciplinary team of experts and the National Governor's Association (NGA). The HISPC's goal is to work with approximately 40 states or territorial governments to assess and develop plans to address variations in organization-level business policies and state laws that affect privacy and security practices which may pose challenges to interoperable health information exchange. 

• Email This
• Print
• Comments
• Share Link

Posted by Ronald G. London

The Federal Trade Commission announced a $50,000 settlement with Executive Financial Home Loan Corp., d/b/a Executive Home Loan, and its principals, arising out of the company’s use of “lead lists” purchased from third-party brokers that Executive believed had been “scrubbed” of phone numbers on the National Do-Not-Call Registry (“NDNCR”). The FTC alleged that use of the lists in reliance solely on a vendor’s claims that they had been scrubbed against the NDNCR, allegedly resulting in calls to “tens of thousands of consumers” registered with the NDNCR, and the company’s failure to pay NDNCR fees, resulted in the violation of FTC telemarketing rules. In announcing the settlement, the FTC stated that its “bottom line” is that “telemarketers are responsible for complying with the Do Not Call provisions of the Telemarketing Sales Rule, and cannot hide behind the claims of their service providers,” such that if they “purchase a scrubbed list, they better make sure that it is current and squeaky clean or else they may be violating the law and subject to penalties.” Significantly, the actual monetary judgment entered against the company was $1,138,551, but all but $50,000 was suspended due to an inability to pay.

• Email This
• Print
• Comments
• Share Link

Posted by Brian Bennett

The U.S. Court of Appeals for the D.C. Circuit recently ruled in American Council on Education v. Federal Communications Commission that providers of broadband Internet access and voice over Internet protocol (VoIP) must make their services “wiretap-friendly” under the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. §§ 1001-1010.

The emergence of new communication technologies, including DSL, cable modems and VoIP, led providers to replace physical copper wires with ethereal and encrypted digital signals, which are harder to intercept using traditional law enforcement methods. Responding to these changes, Congress passed CALEA in 1994, requiring “telecommunications carriers” to ensure that law enforcement officials can access provider networks.

• Email This
• Print
• Comments
• Share Link

Posted by Thomas R. Burke

John Gilmore is taking a fascinating secrecy case to the United States Supreme Court. Gilmore, who sued the federal government several years ago to challenge what remains secret today—the requirement that passengers show ID before they travel on airplanes and other forms of transportation in America.

• Email This
• Print
• Comments
• Share Link

Department of Justice lawyers recently escalated their efforts to prevent courts and administrative agencies from reviewing the NSA's domestic surveillance program. On June 6, the DoJ filed a statement supporting a motion by AT&T to consolidate 28 class actions challenging the NSA program.  The DoJ said in the statement that it "intends to assert the military and state secrets privilege . . . in those actions to seek their dismissal." The DoJ also sued the Attorney General of New Jersey and other New Jersey officials to prevent them from subpoenaing phone company records.  The New Jersey officials are trying to determine whether the phone companies broke the law by providing call records to the NSA without a court order.

• Email This
• Print
• Comments
• Share Link

Posted by Peter Mucklestone and Stuart Louie

Despite a ruling by the D.C. Circuit Court of Appeals that lawyers are not "financial institutions" under the Gramm-Leach-Bliley Act ("GLBA") and therefore need not comply with the privacy obligations under the GLBA required of financial institutions, it is likely that lawyers are "services provides" for the purposes of the GLBA when representing GLBA-regulated financial institutions. (See American Bar Ass'n v. Federal Trade Comm'n, 430 F.3d 457, 21 Law. Man. Prof. Conduct 616 (D.C. 2005). The consequence? Lawyers representing GLBA-regulated financial institutions may be required to give contractual assurances about their information security practices and, in particular, the steps they are taking to protect any personal information they may acquire in the course of their representation.

• Email This
• Print
• Comments
• Share Link

• Email This
• Print
• Comments
• Share Link