Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

By Brian Nixon

On June 28, 2011, the American Bar Association’s science and technology law section held a teleconference to discuss the topic “Law of E-Tracking: Is Your Phone Too Smart, Your Media Too Social, and Your Advertising Misbehaving?” The teleconference addressed, among other things, effective best practices for companies that collect, use and share information about consumers when they use location based services (“LBS”) on mobile devices and/or social media sites.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Check out our most recently posted HIPAA-related advisory, by Adam Greene and Michael Sloan.  It explains how telecommunications carriers and Internet service providers (ISPs) may, without even knowing it, be subject to the privacy, security, and breach notification requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules.  It also offers suggestions on how such service providers can start thinking critically about whether they are potentially covered, and other steps they should consider taking.  You can find the advisory here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Check out our just-posted advisory offering an overview of the FCC Report and Order adopting rules implementing the Truth in Caller ID Act.  The Act, and now the FCC’s rules implementing it, target “spoofing,” i.e., manipulating the phone number displayed by caller ID devices so that call recipients see a number other than that from which a call originated.  In particular, the statute and regulations prohibit spoofing accompanied by an intent to defraud, cause harm, or wrongfully obtain anything of value, and allows the FCC to impose substantial penalties for violations.

As the FCC’s R&O explains, malicious spoofing practices range from those involved in attempts to gain unauthorized access to voicemail accounts, to identity theft, to stalking, and even to false emergency calls to law enforcement for the purpose of eliciting responses from SWAT teams.  Our discussion of how the Act and rules seek to combat such malfeasance, and how they avoid ensnaring legitimate practices, can be found here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Adam H. Greene

Dr. Richard Kaye, a former medical director of the Psychiatric Care Center at Sentara Obici Hospital (Suffolk, Virginia), was indicted on June 21, 2011, in the U.S. District Court for the Eastern District of Virginia, on three counts of violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The indictment is significant in that it is the first criminal prosecution under HIPAA premised on communications with a patient’s employer.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The DWT PrivSecBlog is pleased to welcome a new contributor from whom visitors will start seeing posts from time-to-time, Adam H. Green. Adam is a veteran health law attorney and former key regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing HIPAA privacy, security, and breach notification rules, and where his responsibilities included determining how HIPAA rules apply to new and emerging health information technologies.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Rob Morgan

Two new bills propose to place limits on government and industry use of mobile users’ location data. The bills would require users’ permission for industry to share geolocation data. They would also require probable-cause warrants for law enforcement agencies to use mobile-device-location data to track individuals.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Also Reinforces That Faxes Need Not Be Ads, But Only a "Prelude" to Marketing, to Violate Junk Fax Rules

Less than two weeks after we reported on the Federal Communications Commission’s announcement that it would henceforth make “upward adjustments” to its fines against repeat violators of the statute and rules governing unsolicited fax advertisements, the FCC has issued another enhanced forfeiture, this time adding $150,000 to more than double the fine that would have applied otherwise. The nearly $300,000 proposed fine underscores how serious the FCC is about establishing an effective deterrent to repeated violations. The proposed fine is also a reminder that even faxes offering things for free (in this case, listings in a directory) can fall within the “junk fax” ban if they are part of an “overall advertising campaign” to sell goods or services.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

By Ryan Gist and Ronnie London.   In separate cases in different jurisdictions, one federal appeals court and two district courts recently held that, just because companies using autodialers reach someone other than their intended target, they do not lose the protection of exceptions in the law that depend on the relationship between the company and the person it is attempting to call. Since impermissible automated calls can lead to statutory damages of up to $1500 per call (as well as fines by federal agencies), the decisions are good news for companies that rely on autodialed and prerecorded calls but may not always be in a position to know when current or former customers’ phone numbers are reassigned, and/or if they have moved from a previous address. It is also particularly good news for those who may need to place such automated calls to cell phones, where the federal prohibition is tightest and the exceptions to it are narrowest.

The recent cases arise under the Telephone Consumer Protection Act (TCPA) and Federal Communications Commission (FCC) rules implementing it, which together prohibit automated and prerecorded calls, with certain exceptions. With respect to cell phones, the TCPA and rules prohibit automated/prerecorded calls unless there is prior express consent from the called party (or the call is for emergency purposes). As to residential (land) lines, they impose the same prohibition, but the statute also specifically allows the FCC to create categorical exemptions for some calls.

• Email This
• Print
• Share Link

Recently, the editors of this blog and of DWT's Broadcast Law Blog held a joint webinar for the Texas Association of Broadcasters that explored the landscape of of privacy issues that media companies may face.  Subjects ranged from those that arise in the context of news-gathering and -reporting and advertising, to those implicating “robo-calling,” telemarketing and “spam,” to online issues involving collection of personal information about children and/or for targeted ads and app use, and data securitization. 

There is a summary of the presentation on the Broadcast law Blog, and the slides from the session, providing a good outline of many of the basic legal concepts that arise in connection with privacy issues, are available here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A proposed $315,000 fine against The Street Map Company for unsolicited fax advertisements suggests the Federal Communications Commission is losing its patience – to the tune of tens of thousands of dollars in extra fines – with companies that repeatedly send “junk faxes” even after the agency has cited them, and gone so far as to propose fines, for such conduct.  And, the FCC’s notice of apparent liability (“NAL”) goes on to say, it plans to increasingly impose such “upward adjustments” in junk fax fines in similar cases in the future.

• Email This
• Print
• Comments
• Trackbacks
• Share Link