Skip to main content

Publications Publications Section

Date

Title

Attachment

December 2011

And now for the question:

Q: Do I really have to obtain consent from all my customers to make a change to my privacy policy? No one else seems to be following that rule.

October 2011

And now for the question:

Q: Could my privacy policy hinder the liquidation of my company's assets?

August 2011

And now for the question:

Q: Did you know there are breach notification obligations in all 50 states, even though only 46 states have adopted them? How could that be, you ask? Because Texas said so. (Does that surprise you?)

January 2010

And now for this month's question:

Q: How can I convince my company’s higher-ups to make data security more of a priority for the company?

November 2009

And now for this month's question:

Q: Does my company have to start obtaining consent from our Web site visitors to place cookies on their computers?

“A Moment of Privacy” addresses one legal development each month in the area of privacy and data security law. We answer the questions our clients are asking, in a way that we hope gives practical information to our readers. If you send us your question, you may find your answer in an upcoming newsletter.

October 2009

And now for this month's question:

Q:  My company's data security policy classifies consumer contact information as confidential, but not "highly confidential" or "sensitive." Should we rethink that classification?

September 2009

And now for this month's question:

Q:  Since when does a legal entity have "privacy" rights?

August 2009

And now for this month's question:

Q:  My company does not target marketing towards kids, nor does it collect health-related information. Do I have to worry about Maine's new "Act to Prevent Predatory Marketing Practices Against Minors"?

July 2009

And now for this month's question:

Q:  In the context of wireless network security, I hear a lot about WEP vs WPA, but I do not know what they mean, nor do I know what legal considerations need to be taken into account when choosing between them. Can you give me the run down on this so that I can speak intelligently with my company’s information technology specialists?

June 2009

And now for this month's question:

Q:  My company collects information about its customers' online browsing activities, and we disclose the fact that we do this in our privacy policy. Is this sufficient disclosure?

May 2009

And now for this month's question:

Q:  Last month's Moment of Privacy addressed whether the Red Flag Rules apply to medical care providers. Now I am hearing that they may apply to retailers. Is that true?

April 2009

And now for this month's question:

Q:  Last month's Moment of Privacy addressed whether the Red Flag Rules apply to medical care providers. Now I am hearing that they may apply to retailers. Is that true?

March 2009

And now for this month's question:

Q:  I have been waiting for resolution of the question: Do the Federal Trade Commission's Identity Theft Red Flag Rules apply to health care providers? With the May 1st compliance deadline looming, my company needs to know.

February 2009

And now for this month's question:

Q:  My company uses individual health information for marketing and fundraising purposes. Does the recently enacted economic stimulus legislation, H.R. 1 (111th Cong. 1st Sess. Feb. 17, 2009), contain provisions that regulate this type of marketing? What are these provisions?

January 2009

And now for this month's question:

Q:  I understand that the Network Advertising Initiative issued a new Self-Regulatory Code of Conduct covering online behavioral advertising in December 2008. What do I need to know about the revised Code?

December 2008

And now for this month's question:

Q:  My company's marketing department wants to launch a campaign with a partner that will involve obtaining a user's address book contacts from his Web-based e-mail account and sending marketing messages to those contacts. What should I watch out for in connection with this campaign?

November 2008

And now for this month's question:

Q:  My company may begin using cloud computing in its IT infrastructure. Are there any privacy issues that I should be aware of?

October 2008

And now for this month's question:

Q:  My company is considering marketing to consumers' wireless devices using text messaging ("SMS"). We heard that a large U.S. merchant recently entered into a settlement in a class action, under which it will have to pay $7 million. What happened in this case, and what can we learn from it?

September 2008

And now for this month's question:

Q:  I understand that Massachusetts' new information security rule reaches beyond what other states require. What do these new rules mean for my company?

August 2008

And now for this month's question:

Q:  My company is a HIPAA-covered entity. We heard that another HIPAA-covered entity recently entered into a settlement with the U.S. Department of Health & Human Services ("HHS") under which it had to pay civil fines to the federal government for violation of the HIPAA privacy and security regulations. What happened in this case, and what can we learn from it?

July 2008

And now for this month's question:

Q:  I know that a host of state laws require that my company take measures to protect the confidentiality of the social security numbers that it possesses regarding employees and consumers. But I hear that Connecticut's new law, "AN ACT CONCERNING THE CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS," requires more. Is that true?

June 2008

And now for this month's question:

Q:  I have been waiting for the FTC's clarification on how the CAN-SPAM Act treats multi-advertiser e-mails, tell-a-friend campaigns and affiliate marketing programs for years. What did they finally say?

May 2008

And now for this month's question:

Q:  My B2C company is beginning to explore marketing to consumers' wireless devices using text messaging ("SMS," or "short message service") and MMS messaging ("Multi-media Messaging Service").  We may even target our promotions based on where the recipient is physically located using the wireless device's GPS technology.  We also may target our promotions to teens and tweens.  What legal issues should I be aware of as we navigate through this relatively new area?