Quick Privacy Treats
In keeping with the holiday season, we provide you with some brief updates on currently hot privacy topics.
- FTC finalizes settlement with Google over Buzz. The FTC has finalized its consent decree with Google arising from the introduction of Google Buzz. See our March 31 discussion of proposed consent decree. Consequently, Google will operate under the decree for the next 20 years, and must implement a comprehensive privacy program throughout the company.
The settlement is not limited to Buzz, but instead, applies broadly to all of Google's products and services, including those of its subsidiary companies such as YouTube. Thus, one of the world's most omnipresent online companies will have the FTC looking closely over its shoulder for the next 20 years.
- Law enforcement frequently is demanding, without warrants, more information from Internet service providers. The Wall Street Journal recently reported that federal law enforcement is regularly obtaining secret court orders requiring Internet services to provide data about customer accounts. The Electronic Communications Privacy Act (ECPA) authorizes law enforcement to obtain customer records on the basis of a showing weaker than the “probable cause” standard required for a warrant. One U.S. Court of Appeals has ruled that law enforcement must meet the probable cause standard in order to access the “contents” of an electronic record held by an Internet service provider, but the law in this area is in flux. Any website that processes electronic messages, that registers or tracks users or that hosts user-generated content could well receive such an investigative demand from law enforcement. Google and Twitter have, and your site could as well. It is important that your site know how to respond.
- SEC guidelines may make public companies disclose cyber vulnerabilities. Guidance issued by the Securities and Exchange Commission (SEC) directs publicly held companies to disclose the risk of cyber-incidents where such a risk is “among the most significant factors that make an investment in the company speculative or risky.” Public companies should consider this a strong signal that they should take a thorough look at their cyber vulnerabilities.
- Proposed FAR amendment would require privacy training for government contractors. The Department of Defense, the General Services Administration and the National Aeronautics and Space Administration have proposed a regulation that would require employees of government contractors who work with “systems of records” covered by the Privacy Act of 1974 to undergo annual privacy training. This proposed change to the Federal Acquisition Regulation (FAR) will, if adopted, as is likely, require government contractors to conduct new training of certain employees involved in handling personal data covered by federal law.