Professor Paul Schwartz (Berkeley School of Law) and I recently published a new book, PRIVACY LAW FUNDAMENTALS. This book is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases. Continue Reading
So you signed up for the federal Do Not Call List and expect not to receive any more of those annoying telemarketing calls ever again. Think again. Signing up expires after 5 years, so if you signed up back when the list first came into existence, you’ll need to sign up all over again soon. It’s the FTC’s way of making us feel like Sisyphus. Lame.
In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here.
One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach pursuant to California’s data breach notification law. At the time, California was the only state that mandated individual notice following a breach. Subsequently, numerous states passed laws requiring that companies notify individuals of breaches. Federal legislation is currently being considered to create a national security breach provision. But key questions remain in hot contention. First, what kind of breach should trigger a notification? If the risk of harm is low, some companies contend, then providing notice can be quite costly with little benefit in return. Second, what kind of notice should be given? Notice to each individual affected? Notice to the media or FTC only?
You’ve probably seen the commericals, which run incessantly on CNN and other cable channels. A happy young man says: “I’m thinking of a number . . . ” That number is a credit score, which you can obtain at a website called FreeCreditReport.com. You probably have heard that under a new federal law, credit reporting agencies are required to provide each person with a free credit report once a year. That website, however, has the much more obscure name AnnualCreditReport.com. I previously blogged about my experiences using AnnualCreditReport.com. One of the problems is that if you don’t know that the correct website is AnnualCreditReport.com, then it is very easy to go to the FreeCreditReport.com website. After all, it is featured quite prominently in a Google search for “free credit report.”
But there’s one catch — it ain’t free. Far from it. From the fine print:
Recently, the FTC announced a settlement in its complaint against the data broker ChoicePoint for a data security breach that resulted in over 160,000 people’s personal information being sold to identity thieves. According to the Washington Post: