Although the White House report remains a blueprint and does not
include enforceable regulations, the administration signaled that
it will immediately begin convening companies, privacy advocates
and other stakeholders to develop and implement codes of conduct
based on the Consumer Privacy Bill of Rights. If an organization
were to voluntarily adopt such codes of conduct, then, according to
the White House, that organization's public commitment to
adhere to such codes of conduct would "become enforceable
under Section 5 of the FTC Act."
The Obama administration also indicated that it will work with
Congress to craft legislation based on the Consumer Privacy Bill of
Rights, and empower the FTC and State Attorneys General to enforce
Specifically, the Consumer Privacy Bill of Rights provides that
consumers have the following rights:
to exercise control over what personal information is collected
by organizations, and how they use it
to have access to understandable and accessible details about
privacy and security practices
to expect companies to collect, use and disclose data in ways
that are consistent with the context in which consumers provided
to have data handled in a secure manner
to access and correct data
to have reasonable limits on the data that organizations
collect and retain
to have their data handled by companies with appropriate
measures in place to assure they adhere to the Consumer Privacy
Bill of Rights.
In addition, the California Department of Justice last week
announced a Joint Statement of Principles (the
"Principles") with the leading operators of mobile app
platforms to improve privacy protections for consumers. Under the
Principles, Amazon, Apple, Google, Hewlett-Packard, Microsoft and
RIM (the "Platforms") committed to taking steps to
increase awareness among mobile app developers about their privacy
obligations under California law, and to promoting transparency in
Specifically, the Principles call for the Platforms to (i)
include, in the app submission process, optional data fields for
developers to submit the text of, or links to, their privacy
policies, (ii) enable end user access to the privacy policies
submitted by developers, and (iii) give end users tools to report
non-compliant apps to the Platforms, and to implement processes to
respond to these reports.
In the release accompanying the Principles,
California's Justice Department noted that the Principles were
designed to ensure that mobile app developers comply with the
California Online Privacy Protection Act, which requires operators
of online services (including mobile apps) that collect personal
information about Californians to conspicuously post a privacy
This alert provides general coverage of its subject area. We
provide it with the understanding that Frankfurt Kurnit Klein &
Selz is not engaged herein in rendering legal advice, and shall not
be liable for any damages resulting from any error, inaccuracy, or
omission. Our attorneys practice law only in jurisdictions in which
they are properly authorized to do so. We do not seek to represent
clients in other jurisdictions.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The National Institute of Standards and Technology has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations, and this marks a very important release in the world of data privacy controls and standards.
The obligations of hedge funds, investment managers and service providers to protect confidential information relating to investors and avoid breaches of data privacy legislation is increasingly in focus.
In a recently released decision from the U.S. District Court for the Southern District of Florida, Mais v. Gulf Coast Collection Bureau, et al., Judge Robert N. Scola, Jr., granted in part and denied in part cross motions for summary judgment in a putative class action before considering the issue of class certification.
The report also found that most utilities only comply with mandatory cybersecurity standards, and have not implemented voluntary NERC recommendations regarding general or specific threats (e.g., Stuxnet).