Feds Not Yet Required to Notify Individuals of Data Breaches, But They Should Be, and Soon

Posted by Joe Addiego

The San Francisco Chronicle recently reported that since 2003, nineteen different federal agencies have suffered the loss or theft of confidential data pertaining to individuals, yet few, if any, of these agencies reported the breaches. The reason? There are no data breach reporting requirements applicable to the federal government, which begs the question, why not? This lack of accountability for the feds is particularly troubling, since thirty-three different states already have passed data breach notification laws.


FinCEN Clarifies Independent Review Requirements for MSB AML Programs

The Department of the Treasury Financial Crimes Enforcement Network (FinCEN) recently published Frequently Asked Questions (FAQs) providing guidance for money service businesses (MSBs) in connection with their anti-money laundering (AML) programs.

Under the Bank Secrecy Act (BSA), MSBs must establish an AML program that, at a minimum, sets forth internal policies, procedures, and controls; designates a compliance officer; provides for ongoing employee training; and provides for an independent audit function to test programs. 31 U.S.C. Section 5318(h).


IM what I am, but does it always have to stay around?

Posted by Bruce E.H. Johnson

Recent news reports about the scandal involving Speaker Hastert and the leadership of the House GOP, and former Florida Republican Rep. Mark Foley's efforts to contact current and former House pages have reminded all of us of the durability of the Instant Message (or "IM").

In an article (not available online to non-subscribers) in Wednesday's Wall Street Journal entitled "Those IMs Aren't as Private as You Think", two Journal reporters, Amol Sharma and Jessica E. Vascellaro, discuss these risks, especially from the standpoint of employers and companies that allow employees to use the medium. 


FTC Opts to Perpetuate Inconsistency in FCC and FTC Prerecorded Telemarketing Rules

Decision Effectively Seeks to Trump FCC Rule and Would Ban Prerecorded Telemarketing by Entities Subject to the FTC Jurisdiction

Posted by Ronald London

Two years after the Federal Trade Commission sought comment on a proposal to reconcile parts of its Telemarketing Sales Rule ("TSR") that appeared to prohibit all prerecorded message telemarketing with Federal Communications Commission rules that permit such calls in some circumstances, the FTC has pulled an about-face and decided not only not to harmonize the rules, but to propose a new rule specifically underscoring a more stringent FTC prohibition. In taking pains to chart a more restrictive course notwithstanding what FCC rules permit, the FTC stated that, “While regulatory uniformity may be a laudable goal, it is not a sufficient basis for conforming [our rules] to the FCC’s regulations,” especially since “compliance with the more restrictive” TSR prohibition “does not violate FCC regulations.” The proposed change would mean that all telemarketers within the FTC’s jurisdiction – which does not reach banks, credit unions, savings and loans, common carriers, non-profit organizations, and those engaged in the business of insurance – would be prohibited from using prerecorded messages that are part of a plan, program or campaign to induce purchases of goods or services or charitable contributions, even if FCC rules otherwise would permit the call.


Red Hook: Not Just a Micro-Brewery in the Pacific Northwest Any Longer

Posted by Kaustuv M. Das

On Tuesday, Oct. 3, 2006, the Electronic Freedom Foundation’s FLAG project filed a Freedom of Information Act (FOIA) action, in the United States District Court for the District of Columbia, seeking release of information from the FBI on its DCS-3000 and Red Hook tools. DCS-3000 and Red Hook appear to be successors to the FBI’s less politically correctly named Carnivore program, which the agency began in 2000.

According to the DOJ’s Office of Inspector General’s (OIG) report entitled “The Implementation of the Communications Assistance of Law Enforcement Act” (the CALEA report), the FBI has spent nearly $10 million to develop DCS-3000. “The FBI developed the system as an interim solution to intercept personal communications services delivered via emerging digital technologies used by wireless carriers in advance of any CALEA solutions being deployed. Law enforcement continues to utilize this technology as carriers continue to introduce new features and services.” (CALEA report, Appendix VIII.) The CALEA report also discloses that “[t]he FBI has spent over $1.5 million to develop [the Red Hook] system to collect voice and data calls and then process and display the intercepted information in the absence of a CALEA solution.” Id.


Update - California's Proposed RFID Bill Vetoed by Governor Schwarzenegger

Posted by Joe Addiego

As reported last Friday, September 29, 2006, Senate Bill No. 768, a/k/a the Identity Information Protection Act of 2006, which would have imposed new regulations on the use of radio frequency identification (“RFID”) cards issued by governmental bodies, was on the desk of Governor Arnold Schwarzenegger awaiting signature to be passed into law.

On September 30, the Governor vetoed the bill, calling it “premature.” Several of the reasons given for the veto, including that the bill imposed expensive and burdensome restrictions that could quell the use of RFID technology, were those discussed in my prior blog post. Also, the veto states that the bill potentially conflicted with federal law.

Questions still remain as to whether restrictions like those proposed in the now-defunct (temporarily, at least) IIPA are necessary to protect the privacy of RFID card users. Expect similar laws to be proposed in the future.
