Privacy & Security - US & Abroad
Arent Fox is on the cutting edge of privacy laws and has experience assisting clients with all aspects of privacy and data security. For example, we routinely assist companies with the development of an internal security protocol that meets the requirements of the applicable state and federal laws. In this regard, our practice groups have helped companies comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the Gramm-Leach-Bliley Act (GLB), and the Children’s Online Privacy Protection Act (COPPA), as well as the Payment Card Industry Data Security Standard (PCI DSS) and related payment laws.
Our lawyers also routinely advise companies about online privacy, including providing advice on notification and consent, and when an opt-in is necessary, or merely suggested. In this capacity, we work with small and large businesses on their social media marketing to help them comply with all applicable rules, guidelines, and laws.
Finally, our team has notable experience with managing a reaction to a data breach, having been part of the response to one of the largest known data breach incidents. In this capacity, we assist with all aspects of the breach, including the consumer, regulator, and payment card industry notification procedures, and the compliance and protocol development after the incident.
In a move to join the growing list of regulators involved in the US cybersecurity space, the New York Department of Financial Services announced earlier this month that it is considering new cybersecurity regulation for financial institutions.
California’s Song-Beverly Credit Card Act does not prohibit retailers from collecting email addresses after a credit card transaction has been concluded, according to a recent ruling by a California appellate court. The decision provides some welcome clarity for retailers who engage in point of sale data collection.
What is the Song-Beverly Act?
What’s the News?
A US Bankruptcy Judge recently approved the sale of a package of RadioShack’s intellectual property assets—including consumer data obtained from RadioShack customers—to General Wireless Inc., the hedge fund affiliate that acquired over 1,700 RadioShack stores in February. The sale was not without controversy.
On March 17, 2015, Arent Fox LLP secured a summary judgment of more than $69 million for SD-3C, LLC when a federal judge ruled that two Chinese companies and four of their executives were guilty of fraud, trademark infringement, and breach of contract after underreporting sales and royalties on the sale of memory card technology licensed by SD-3C.
On March 19, 2015, a Minnesota federal judge granted preliminary approval of Target Corporation’s (Target) proposed $10 million settlement of a class action lawsuit, which arose out of a 2013 data breach that compromised personal information of roughly 110 million of Target’s customers. The proposed settlement would pay out $10 million to the plaintiffs and up to $6.75 million in attorney fees. Consumers affected by the breach could be awarded up to $10,000 in damages each if they can prove damages.
Last week, the Footwear Distributers and Retailers of America (FDRA) hosted a briefing on cybersecurity trends in the retail industry. In light of the high-profile data breaches in 2014 — including many at the retail level — the briefing aimed to inform the footwear industry on the nature of today’s cyber threats and the way to most effectively secure private information.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.