The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

Upcoming Privacy Panels at the ABA Annual Meeting in Toronto

Attending the ABA Annual Meeting in Toronto and interested in privacy?  Then don’t miss these two important panels on the afternoon of Saturday August 6th:

New Restrictions on U.S. Internet Sales: Data Passes, Negative Options, Automatic Renewals and Recurring Charges (if you don’t know what they are, you should attend), on Saturday, August 6, from 2:00 pm – 3:30 pm, in the Metro Toronto Convention Centre, South Bldg, Room 716A, 700 Level.  The panel will address hot topics in data sharing practices involving personal information.  Speakers include Damier Xandrine, Senior Counsel, Wells Fargo; Holly Towle, partner at K&L Gates LLP, and Alysa Hutnik, partner at Kelley Drye & Warren LLP. 

"Can the Law Keep Up with Technology? Can Self Regulation Help?" – on Saturday, August 6th, from 3:45 – 5:15 p.m, in room 713B, 700 Level, in the South Building of the Toronto Convention Center.  Saira Nayak will moderate a discussion around the meaning of privacy self regulation, with FTC Commissioner Julie Brill, Privacy Commissioner Jennifer Stoddart of Canada, Stuart Ingis of Venable LLP, and Dr. Paolo Balboni of the European Privacy Association.  

 A complete listing of the ABA Annual Meeting programs is available at: http://www2.americanbar.org/annual/pdfs/2011TorontoProgramFinal.pdf


Leave a comment

Massachusetts AG Announces $7500 Settlement with Bank for Data Breach

The Massachusetts Attorney General recently announced a $7,500 settlement with Belmont Savings Bank following a data breach in which an unencrypted backup computer tape was lost after an employee failed to follow the bank’s policies and procedures.  This tape contained the names, Social Security numbers, and account numbers of more than 13,000 Massachusetts residents.

The tape was lost in May 2011, when an employee left it on a desk rather than storing it in a vault for the night.  Surveillance footage showed that the tape was then thrown away by the cleaning crew.  The tape was most likely incinerated by the bank’s waste disposal company, and the bank has indicated that it has no evidence that the Massachusetts residents’ personal information had been acquired or used by an unauthorized person.

In addition to the $7,500 penalty, the settlement requires Belmont Savings Bank to mitigate the risk of future data breaches by:

  • Ensuring the proper transfer and inventory of backup computer tapes containing personal information;
  • Storing backup computer tapes containing personal information in a secure location; and
  • Effectively training its employees on the bank’s policies and procedures for maintaining the security of personal information.

This is the second announcement this year by the Massachusetts Attorney General’s office of a settlement as a result of a data breach. 


Leave a comment

FTC Withdraws FCRA Commentary

Recently, the FTC withdrew its Statement of General Policy or Interpretations under the Fair Credit Reporting Act ("FCRA"), including the FTC’s Commentary on the FCRA (the "Commentary’), the day before the authority to enforce and administer the FCRA transferred to the new Consumer Financial Protection Bureau (“CFPB”).

The FTC also released a staff report entitled "Forty Years of Experience with the Fair Credit Reporting Act."  This report provides background on the FTC’s role in enforcing the FCRA, and includes a section-by-section summary of the agency’s interpretations of the FCRA. 

In announcing the withdrawal of the Commentary and release of the staff report, the FTC stated that the Commentary "has become partially obsolete since it was issued 21 years ago."  The new staff report deletes several interpretations in the Commentary that have since been repealed, modified or otherwise amended, and adds updated interpretations to reflect changes in the law since the Commentary was released in 1990.  The FTC stated that, given the Commentary’s staleness, it "does not believe it is appropriate to transfer the Commentary."

Continue reading