Hosch & Morris, PLLC

Latest from Hosch & Morris, PLLC - Page 2

Privacy Plus+ Privacy, Technology and Perspective Antitrust Takes Center Stage in China?  China is increasing both its antitrust-like regulation of its largest e-commerce companies, and its iron grip on consumer data and personal information.  You can read about those developments by clicking on the following links: https://technode.com/?s=antitrust https://technode.com/?s=privacy China’s Nine “Do Nots:”  Prefacing China’s increased regulatory scrutiny is an “administrative guidance meeting” that took place in December, wherein the State Administration for Market Regulation (SAMR) warned China’s “big tech” companies to pay attention to problems of “low price dumping and squeezing jobs,” issuing a list of nine “must nots” or…
Privacy Plus+ Privacy, Technology and Perspective Advertising by Email:  1 Tricky Definition and 3 Practical Tips.   If you’re in business today, chances are you reach out to new customers by sending ads, promotions, or solicitations by email.   You know about the CAN-SPAM Act, and you’ve received enough solicitations yourself that you know to tell the truth and include an “unsubscribe” option legibly.  (If you’d like a refresher on CAN-SPAM, click on the following are links to the Act, and the Rule which the Federal Trade Commission (FTC) has published pursuant to it:)  https://www.law.cornell.edu/uscode/text/15/7703 https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=cea8be427690a26231dda41b8ccb5f75&ty=HTML&h=L&n=16y1.0.1.3.40&r=PART The FTC has also published…
Privacy Plus+ Privacy, Technology and Perspective Data Breaches, Employment Relationships and Inadvertent Mass Emails. Recently, the United States Court of Appeals for the Second Circuit issued a unanimous opinion in McMorris v. Carlos Lopez & Associates, addressing one of the hot issues data breach class actions – whether victims of a data breach can establish Article III standing by alleging they are at an increased risk of identity theft or fraud, even if their personal data has not yet been misused.  The answer is: It depends.  The case raises at least four other important issues, so let’s look at the…
Privacy Plus+ Privacy, Technology and Perspective Privacy and Security Risk Management – Contractual Requirements.  Organizations increasingly rely on outsourcing to third-party service providers to maximize efficiencies and often minimize costs.  However, as organizations rely on service providers, risk management becomes critical, especially in relation to privacy and security where service providers perform critical personal data processing activities on behalf of an organization.  Due diligence, privacy and data protection risk assessments, contract terms, ongoing monitoring to enforce compliance are all important components of robust privacy and security risk management. In this post, we focus narrowly on provisions you need to include…
Privacy Plus+ Privacy, Technology and Perspective State Requiring Reasonable – and Documented – Data Security.  In the United States, implementing and maintaining “reasonable” data security measures and avoiding deceptive privacy and data security claims are the touchstones of data privacy.  While the Federal Trade Commission (FTC) has taken the lead in enforcing numerous cases against both B2C (business-to-consumer) and B2B (business-to-business) companies based on inadequate information security and/or inaccurate privacy and data security claims in violation of the FTC Act, states are also enforcing numerous state-based data security laws requiring reasonable security measures.  The following link references some of those…
Privacy Plus+ Privacy, Technology and Perspective Britain Moves a Step Closer to “Adequate.” This week, the United Kingdom took another step forward towards smoothing out the privacy difficulties caused by Brexit, as the European Data Protection Board (EDPB) generally approved Britain’s mechanisms for protection of personal data as “adequate” under the EU’s General Data Protection Regulation (GDPR). “Adequacy” under the GDPR Put broadly, the GDPR restricts transfers of personal data outside the European Economic Area (EEA), or the protection of the GDPR, unless the rights of the individuals with respect of their personal data are protected in another way, or…
Privacy Plus+ Privacy, Technology and Perspective Free Speech, Twitter and the Law of Unintended Consequences. Increasing talk about the role(s) and responsibilities of big platforms has us thinking this week about the difference between what is “private” and what is “public.”  This week, the U.S. Supreme Court decided that since he is no longer president, Donald Trump’s lawsuit objecting to the lower courts’ order preventing him from “blocking” critics on his Twitter account is now moot. Justice Clarence Thomas did not disagree, but concurred to warn that: ·       “the concentrated control of so much speech in the hands of a…
Privacy Plus+ Privacy, Technology and Perspective Like We Need This:  SCOTUS rules that the TCPA allows Robo-Texting. In another example of how hard it is to apply strict “textualism” analysis in the cyber age, this week, the United States Supreme Court looked at the exact language of the 30 year-old Telephone Consumer Protection Act (TCPA), and concluded that its language doesn’t reach to automated sending of text messages – a technology which didn’t exist at the time the TCPA was passed.  When the TCPA was enacted in 1991, the problem was automatic telephone dialing systems which used computerized voices to…
Privacy Plus+  Privacy, Technology and Perspective  Texas is Making Millions/Year Selling Personal Information.  Our state government has generated over $450 million in the last 5 years by selling drivers’ personal information, including names, drivers’ license numbers, dates of birth, photos and other information maintained by both the Texas Department of Public Safety and Texas Department of Motor Vehicles.  The Dallas Morning News’ “Watchdog,” Dave Lieber, reported that story, and you can read it at the following link: https://www.dallasnews.com/news/watchdog/2021/03/19/its-mind-blowing-how-many-millions-of-dollars-texas-makes-each-year-selling-your-personal-data/ The sale of personal information by a state government isn’t new or surprising.  We have previously written on California’s similar commercialization of…
Privacy Plus+ Privacy, Technology and Perspective  Additional CCPA Regulations – An Illusion of Privacy.  On March 15, 2021, California Attorney General Xavier Becerra approved additional, amended regulations under the California Consumer Privacy Act (“CCPA”).   The newly amended CCPA Regulations prohibit “dark patterns” or deceitful user interfaces (Section 999.315h) when a user exercises her CCPA right to opt-out from sale of her personal information.  They also prohibit burdening consumers with confusing language or unnecessary steps in the process of opting-out of the sale of personal information.  The amended CCPA Regulations also provide for a uniform “opt-out icon,” which can be…