Suparossa Restaurant Group LLP, a Chicago-based restaurant company, has been served with a class action complaint alleging that the company has violated the Illinois Biometric Information Privacy Act (“BIPA”). The BIPA is an informed consent statute that establishes standards for employers that collect and store the biometric information of Illinois citizens. The act makes it
privacy
NIST Updates Its Security and Privacy Guidance
Earlier this month, the National Institute of Standards and Technology (“NIST”) issued its fifth and latest draft of its “Security and Privacy Controls for Information Systems and Organizations” guidance document. The NIST guidance document expands on previous drafts that focused on privacy and security improvements for the federal government and now provides security and privacy…
Compliance with COPPA: So easy, even a kid can do it
The Federal Trade Commission has published a new guide that seeks to make compliance with the Children’s Online Privacy Protection Act (COPPA) as easy as 1, 2, 3, 4, 5, 6. Drawing from its detailed FAQs, the FTC has developed an even more stream-lined, six-step DIY instruction manual designed for busy businesses that want…
Customers Sue Darden Restaurants Over Information on Receipts
A class action lawsuit was recently filed against Darden Restaurants, Inc. (“Darden”), alleging that Darden violated the Fair and Accurate Credit Transactions Act (“FACTA”).
Specifically, the plaintiffs alleged that Darden, which includes Olive Garden among its restaurant chains, violated FACTA by printing the full expiration date on credit card receipts, allowing potential identity thieves to…
Proposed Class Action Targets Advertising to Drivers Using DMV Info
A class action filed this month alleges that car warranty company NRRM LLC used information obtained from Department of Motor Vehicles (“DMV”) records to market to consumers in violation of the Driver’s Privacy Protection Act (“DPPA”).
The complaint alleges that NRRM’s third-party data suppliers provide it with personal information about drivers and their cars that…
Upromise Penalized for Violating FTC Privacy Order Over Rewards Program
Upromise found itself in front of the Federal Trade Commission answering very tough questions earlier this month. The inquiry was related to a 2012 order requiring that Upromise include disclosures about data collection practices and conduct third-party assessments about Upromise’s data security safeguards.
The FTC alleged that Upromise failed to comply with the terms of…
Cause of Action Joins Defense of Electronics Maker in FTC Privacy Suit
The advocacy group Cause of Action has stepped in to help defend electronics maker D-Link in a suit brought by the Federal Trade Commission over the company’s purportedly insufficient protection of customers’ privacy.
The FTC is targeting D-Link for making representations that its products, including wireless routers and Internet protocol cameras, feature strong security, even…
New Privacy Rules for Internet Service Providers
On October 27, 2016, the FCC adopted a new set of privacy and data security regulations applicable to “broadband service providers and other telecommunications carriers.”
The rules place new restrictions on internet service providers’ (“ISPs”) ability to use and share their customers’ data. The Commission established two data classifications: (1) sensitive information, and (2) non-sensitive…
Google Makes Ad-Tracking Change in its Privacy Policy
In 2007, Google bought online ad network DoubleClick, which uses cookies to collect and store data about Google users from their browsing history, to best place clients’ ads. This past June, Google revised its privacy policy to state that users’ activities on other sites tracked by DoubleClick “may be associated with [their] personal information.” This…
White House Announces New Privacy Officer
Last week, the Office of Management and Budget created a new dedicated position for privacy within the Office of Information and Regulatory Affairs (“OIRA”). The privacy position will streamline the United States Government’s privacy practices, including:
- Leading efforts to develop and implement consistent, comprehensive and forward-looking Federal privacy policies, strategies and practices across agencies;
- Collaborating
…