The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

FTC Tells Sears That Consumer Disclosures Must be More Conspicuous

Over the course of the last decade, many companies have become accustomed to notifying consumers of their data collection practices in their online privacy policy. However, in a recent proposed settlement, the FTC indicated that, at least under the facts before them, disclosures that were “buried” in a privacy policy were not sufficient.

 

On June 4, the FTC reported a proposed settlement with Sears Holding Management Corporation of a complaint that Sears had failed to meaningfully disclose to customers the extent of the information it was collecting through its online market research software. The FTC claimed that this failure to disclose constituted an “unfair or deceptive act” under the Federal Trade Commission Act. 

Continue reading


Leave a comment

Court Uses Computer Privacy Law to Crack the Whip on Use of Work Computer to Solicit Dominatrix-Prostitute

The Ohio Court of Appeals, in State v. Wolf, No. 08-16, slip op. (Ohio Ct. App. 5d April 28, 2009), recently upheld application of Ohio’s computer crime law to an employee who used his work computer to engage in criminal conduct (solicitation of a dominatrix-prostitute). While this holding may seem uncontroversial, another aspect of the decision might open the door to imposing criminal liability on employees for violating employer computer use policies.

 

Continue reading


Leave a comment

Doesn’t Alice Live Here Anymore? FACTA and the Address Discrepancy Rule

Section 315 of FACTA requires institutions that utilize consumer reports (“users”) to develop and follow certain procedures when notified of an address discrepancy  by a national CRA (Equifax, Experian and TransUnion). Under FACTA, national CRAs are required to issue a “notice of address discrepancy” when an address provided by a user requesting a consumer report “substantially differs” from the address the CRA has on file for that consumer. The Address Discrepancy Rule then requires users of consumer reports to develop and implement written policies and procedures to respond to receipt of a discrepancy notice. There are two components to the policies required by the Rule: the first relates to the user’s evaluation of the address discrepancy; the second relates to the user’s potential obligation to report the consumer’s address to the CRA.
 

Continue reading


Leave a comment

New Nevada Law Requires Increased Protection of Personal Information

A new Nevada law, S.B. 227, will require entities doing business in that state to beef up their protections of personal information. Nevada currently requires encryption of any personal information transmitted electronically (other than by facsimile). But S.B. 227, which becomes effective on January 1, 2010, will require encryption of all personal information leaving the “logical or physical controls of the data collector,” including electronic data on a “data storage device.” The definition of  “data storage device” includes computers, cellular phones, magnetic tape, electronic computer drives and optical computer drives.


Leave a comment

Identity Theft Red Flags and Address Discrepancies FAQs

On June 11, 2009, the staff of the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision and the Federal Trade Commission issued a set of Frequently Asked Questions (FAQs) to assist financial institutions, creditors, users of consumer reports, and card issuers in complying with the Red Flags and Address Discrepancies Rules under The Fair and Accurate Credit Transactions Act.