President Trump signed into law the FAA Reauthorization Act of 2018 (“FAA Act”) in which Section 375 authorizes the Federal Trade Commission (“FTC”) to apply Section 5 of the FTC Act to privacy policy violations by persons that use Unmanned Aerial Systems (“UAS”) “for compensation or hire, or in the furtherance of a business enterprise.”...

Read More →

The Indiana Supreme Court ruled that fantasy sports operators can use athletes’ names, pictures, and statistics without the athletes’ consent, providing a major win for the fantasy sports industry. The Court concluded that “Indiana’s right of publicity statute contains an exception for material with newsworthy value that includes online fantasy sports operators’ use of college...

Read More →

Did you know that ZwillGen maintains a private and confidential list of jobs shared with us by clients or other friends of the firm? Sometimes these open positions are public, and other times we get a “sneak peek” to share with our clients and alumni, many of whom are ultra-talented in the areas of privacy,...

Read More →

A New Jersey federal court has dismissed a proposed class action lawsuit against multiple “smart TV” manufacturers alleging that their televisions improperly collect information on what customers are watching on their screens. The court held that the collection activities described in the complaint did not violate the Video Privacy Protection Act (“VPPA”) because data points...

Read More →

The North Carolina Attorney General’s Office issued a letter to Google on October 11th demanding that the company answer questions about the recent breach affecting its Google+ network. The NC AG’s inquiry signals that companies may now face scrutiny from state regulators after a data breach regardless of whether the incident triggers state breach notification...

Read More →

The classic refrigerator clean-out rule, “When in doubt, throw it out” could be a tagline for Colorado’s recent amendment to its data security and breach notification laws, HB 18-1128. As a policy, if you don’t need personal identifying information (“PII”), it should be properly disposed of or destroyed. If you are going to keep PII,...

Read More →

The Federal Trade Commission (“FTC”) announced settlements on September 27, 2018 with four companies that the FTC alleged falsely claimed to be EU-U.S. Privacy Shield certified. These settlements with IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – in conjunction with another settlement in July and three others in November 2017 –...

Read More →

A Canadian law that goes into effect on November 1st will require companies to maintain a record of all breaches, regardless of whether they are reportable. We’ve previously written about the Canadian law that will impose a country-wide data breach notification requirement, and we explain the recordkeeping requirement (sometimes referred to as a “ledger” requirement)...

Read More →

The SEC and Voya Financial Services recently reached a $1 million settlement, stemming from a 2016 security incident in which individuals impersonating Voya’s independent contractors were able to gain access to the PII (including full social security numbers, date of birth, and email address) of at least 5,600 Voya customers. The impersonators gained access by calling...

Read More →

Since the D.C. Circuit issued its ruling in March invalidating as arbitrary and capricious many of the FCC’s interpretations of the Telephone Consumer Protection Act (“TCPA”), courts have been tasked with clarifying the definition of autodialer under the TCPA. Industry received good news in June when the Third Circuit ruled that an autodialer must have...

Read More →