MMA Releases Mobile App Privacy Guidelines – Appy Days Are Here Again

A few days ago (October 17), the Mobile Marketing Association released its MMA Mobile Application Privacy Policy, which the MMA asserts is the first industry guideline to deal with data protection and privacy specifically related to mobile and wireless applications. The guideline being made available for comment is slated to be finalized sometime after November 18, 2011, when the MMA’s comment period is scheduled to close. The press release notes that there are currently more than 425,000 iPhone/iPad apps available from Apple’s App Store, and more than 200,000 available for Android.

The document is intended to deal with some of the basic privacy principles and text that developers should consider incorporating into mobile apps to let consumers know how their data is collected and used, as well as information regarding confidentiality and the security of information that becomes available when a consumer installs and uses a mobile app. Obviously, legal disclaimers and disclosures and issues related to privacy and data protection are quite jurisdiction-specific, and compliance will always require consultation with legal counsel to be sure mobile, and all other online and other applications and processes, conform to the legal requirements of each jurisdiction that applies to consumers for that application or process.

Rimon’s offices around the world are open, coordinating with our Advertising Technology & Media law practice group, ensuring that lawyers knowledgeable in data protection and privacy, as well as in mobile technology and marketing, are available to help you. As always, if you want to know more about how lawyers who understand can help your business, feel free to contact me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

BNA Highlights Health IT Issues Raised by Rimon Attorneys

The August 29, 2011 issue of BNA’s Health IT Law & Industry Report (Vol. 3, No. 36), describes some of the major legal and contractual issues raised when health care industry companies and professionals are considering moving to a cloud computing environment. Joseph I. (“Joe”) Rosenbaum was interviewed by the author, Kendra Casey Plank, for her article, entitled, “Attorney: Cloud Services Offer Affordable Solutions but Raise Privacy, Security Risks.” The article not only quotes Rosenbaum extensively, but also refers to Rimon’s White Paper series “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” which began in June 2010 (see "Transcending the Cloud" – Rimon Announces White Paper Series & Legal Initiative on Cloud Computing). The series is updated regularly with individual articles on topics ranging from government contracting and state tax, to the most recent White Paper entitled, “Health Care in the Cloud – Think You Are Doing Fine on Cloud Nine? Hey, You! Think Again. Better Get Off of My Cloud,” which Rosenbaum and Rimon Associate Vicky G. Gormanly wrote and which was posted on the Legal Bytes blog August 5, 2001 (Transcending the Cloud – Health Care on Cloud 9? Are You Doing Fine?). What’s the state of your health care compliance? Are you doing fine?

Read the White Paper and, if you have any questions or need help, contact Joe Rosenbaum or Vicky Gormanly, or the Rimon attorney with whom you regularly work.

Who’s Right on Privacy? Rosenbaum on Legal Bisnow.

You’ll have to read the story to find out why Rimon’s own Joseph I. (“Joe”) Rosenbaum thinks that “Privacy is the elephant-sized rubber band ball in the room.” Joe was recently interviewed by Jeff Gamsey, managing editor of Legal Bisnow, and is featured in yesterday’s lead story on Legal Bisnow entitled, “Who’s Right on Privacy?”

Transcending the Cloud – Health Care on Cloud 9? Are You Doing Fine?

If you are a music aficionado, you will remember that years ago, The Temptations sang “I’m Doing Fine on Cloud Nine.”

 

https://youtube.com/watch?v=6aiYCuOzmcs

 

If you are a health care provider paying attention to the buzz about cloud computing, you may be concerned about migrating your technology, your data and your applications to a cloud environment.  Or, let’s say you are just confused about the implications. You are not alone.

That’s precisely why our Cloud Computing initiative exists. To provide you with a guidance system – navigational tools to allow you to see sunshine, even on a cloudy day. So, as part of our ongoing commitment to keeping abreast of legal issues, concerns and considerations in the legal world of cloud computing, here, from Vicky G. Gormanly and Joseph I. Rosenbaum, is the next chapter in Rimon’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” entitled “Health Care in the Cloud – Think You Are Doing Fine on Cloud Nine? Hey, You! Think Again. Better Get Off of My Cloud.” This white paper examines the considerations and concerns that arise for the health care industry and the industry’s associated suppliers, vendors and providers in the wake of complex and evolving regulation and scrutiny – most notably, in the privacy and data protection of medical information – of electronic health records.

As we do each time, we have also updated the entire work, so that in addition to the single ‘Health Care in the Cloud’ white paper, you can access and download a PDF of the entire “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, up to date and including all the previous chapters in one document.  After reading the article, instead of doing fine, you just may want to take the advice of The Rolling Stones and “Get Off of My Cloud” until you consult your legal advisors.

 

 

Of course, feel free to contact Vicky Gormanly or Joe Rosenbaum directly if you have any questions or require legal counsel or assistance related to this white paper. Make sure you subscribe via email or get the Legal Bytes RSS feed so you are always in touch with our latest information. Of course, if you ever have questions, you can always contact any Rimon attorney with whom you regularly work.

ICONfusion Creeps Into Interactive Advertising Awareness

Earlier this week, ClickZ reported that the improper use of the Digital Advertising Alliance’s behavioral icon

is threatening to dilute the self-regulatory effectiveness of its campaign to educate consumers on the risks of online behavioral advertising, and enable them to make an informed judgment in seeking to control the use of their browsing behavior across multiple websites. Legal Bytes has previously reported the initial development and launch, as well as the growing acceptance of the industry’s self-regulatory efforts (just search us for “behavioral advertising” or follow the links through any of our prior posts – e.g., Self-Regulatory Ad Industry Effort Continues to Drive Forward). While the icon has gained wide acceptance as part of the advertising industry’s self-regulatory initiative (See Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), using it inappropriately or inaccurately may cause consumers to be more confused, rather than educated.

You might be tempted to argue that if advertising that does not involve behavioral information nonetheless includes the DAA icon, what’s the harm? However, if the objective is to educate consumers about the distinctions in how their information is collected and used by advertisers, agencies, network publishers, browser publishers and others in the interactive ecosystem, confusion fuels the concerns already raised by consumer advocacy groups, regulators and lawmakers alike – and that’s counterproductive.

The good news is that the industry campaign to stimulate adoption of the self-regulatory guidelines and the inclusion of the icon in relevant advertising is gaining momentum – a sign the industry can and will police and regulate itself. Innocent mistakes in the name of compliance are certainly better than abuse or ignorance, so let’s not be too quick to throw stones. That said, as consumers increasingly see the icon and begin to appreciate, and take advantage of, the self-regulatory efforts, it behooves the industry to do a better job of making sure the educational component is consistent and not ICONfusing!

As always, if you need more information about the advertising industry’s self-regulatory initiative, advice regarding compliance, or legal help in understanding the dynamic and ever-changing environment of online and mobile interactive advertising, marketing and privacy, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work – our lawyers deal with these issues every day.

Payment Card Industry Takes a Swipe at Virtual Security

Someone in the payment instrument, payment processing, or payment systems environment must be living under a rock if he or she has not heard of or been affected by the Data Security Standards (DSS), or “PCI-DSS” as it has been referred to in the industry, promulgated and released by the Security Standards Council of the Payment Card Industry Association (PCI). Although the original impetus for the credit-card-driven security standards was combating identity theft and credit card fraud in the wake of the data breaches and compromised (or potentially compromised) databases containing sensitive consumer payment account information, the standards have become the de facto starting point for any compliance security standard in the payment industry.

Last week, the PCI Security Standards Council released new comprehensive guidelines for PCI compliance in virtual card holder data environments dealing with consumer payment system and payment transaction security in a virtual environment. Rimon lawyers who work in this area consistently and who have a wealth of experience with information security and financial services, have put together a client alert entitled: "Is the PCI Security Standards Counsel Preparing for Cloudy Weather?"

Credit, debit and prepaid cards; smart cards and chip cards; gift cards and stored value cards; co-branded cards and loyalty rewards programs; corporate cards, fleet cards and purchasing cards; data protection and privacy; information security, identity theft and data breaches; micro, digital and virtual payment systems – E Commerce; The Fair Credit Reporting Act; Regulation E; Regulation Z; Credit Card Act of 2009 (see Credit Card Act of 2009: Act I, Scene 1 or just search the Legal Bytes blog)! Do any of these terms apply to you? Talk to us. It’s what we do. Contact any of the lawyers listed in the Alert, contact me, or contact the lawyer at Rimon with whom you routinely work, and we will make sure we help you or connect you to someone at Rimon who will be happy to do so.

Transcending the Cloud – Advertising & Marketing Make Rain

This post was written by Joseph I. Rosenbaum and Keri S. Bruce.

As part of our ongoing commitment to keeping abreast of legal issues, concerns and considerations in the legal world of cloud computing, most of you know we have been publishing regular topical updates to our Cloud Computing initiative – new chapters and white papers intended to provoke thought, stimulate ideas and, most of all, demonstrate the thought leadership Rimon attorneys bring to bear when new and important trends and initiatives in the commercial world give rise to new and interesting legal issues. If you didn’t know, re-read the previous run-on sentence!

So here, from Joe Rosenbaum and Keri Bruce, is a glimpse at some issues that apply to the world of advertising and marketing arising from Cloud Computing. This next chapter in Rimon’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” is titled “Cloud Computing in Advertising & Marketing: Looking for the Silver Lining, Making Rain.” This white paper tries to examine the considerations and concerns that arise within the advertising and marketing industries in the wake of complex and evolving regulation and scrutiny. We hope it provides some insight into the issues and the factors that apply, even as the industry and the regulatory landscape continue to evolve.

As we do each time, we have updated the entire work so that, in addition to the single "Advertising & Marketing" services’ white paper, you can access and download a PDF of the entire “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, up to date and including all the previous chapters in one document.

Of course, feel free to contact Joe Rosenbaum or Keri Bruce directly if you have any questions or require legal counsel or assistance related to advertising and marketing. Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. And if you ever have questions, you can always contact any Rimon attorney with whom you regularly work.

China Announces State Internet Information Office

This post was written by Joseph I. Rosenbaum, Frederick H. Lah, Zack Dong and Amy S. Mushahwar.

On May 4, 2011, the Chinese government announced it was establishing the State Internet Information Office, an office dedicated to managing Internet information. According to the announcement, this office will be responsible for directing, coordinating, and supervising online content management. The office will also have enforcement authority over those in violation of China’s laws and regulations (see, for example, China sets up office for Internet information management). While there are reports that many believe the purpose of the new office will be to censor political and social dissidents (see, China Creates New Agency for Patrolling the Internet, the office may also have a key role in thwarting illegal spamming and other dubious data practices.

Further, many see the establishment of this office as another step forward for the Chinese in terms of establishing their own data-protection regime. China has long been considered as lagging behind other countries in terms of their data-protection standards (quite possibly by design), and with no comprehensive data privacy law, businesses have had little guidance concerning the handling of personal data. China published the draft Personal Information Protection Measures in 2005, but those Measures have not yet been adopted and little progress seems to have been made since then. However, in February 2011, China issued a draft of the “Information Security Technology – Guide of Personal Information Protection” (“Guidelines”) to address the lack of guidance and standards surrounding online information practices in China. The Guidelines include standards with respect to collecting, processing, and using data, and there are provisions related to the transfer of data to third parties. While the Guidelines are technically non-binding, they still provide important guidance for businesses in China on how to protect the online information of China’s citizens. With the Guidelines still under review, Rimon lawyers will continue to monitor developments to see what form the Guidelines will take in the future.

If you have or are considering a presence in China, you need to know and be attentive to many things, if you are to succeed in the Chinese marketplace. That’s why you should contact Frederick H. Lah in our Princeton office, Zack Dong in our Beijing office, Amy S. Mushahwar in our Washington, D.C., office, me, or the Rimon lawyer with whom you regularly work. When you need legal guidance or have questions about regulations that apply online, on the Web, and across the Internet, in almost any part of the world, let us know. We are here to help.

Mobile Advertising & Marketing – Myths & Miffs

Thanks to the Digital Marketing Committee of the Association of National Advertisers for having me attend and give a presentation on mobile advertising and marketing yesterday. A copy of the presentation is available for your reading enjoyment right here: “Mobile Marketing or I Know Where You Will Be Next Summer & Other Mobile Marketing Myths.” (PDF)

UK ICO Issues Guidelines for Online Compliance – C is for Cookie

The Information Commissioner’s Office in the United Kingdom, in furtherance of the European Union’s “browser cookie” laws (EU Privacy and Communications Directive), has just published a set of guidelines that commercial enterprises will need to comply with when the new law goes into effect May 26. Because the laws’ requirements relate to technology and marketing, the intention of the new guidelines is to provide guidance on compliance for businesses.

For background, in case you haven’t been following this closely, in November 2009, the European Parliament amended the Directive of Privacy and Electronic Communications 2002/58/EC (sometimes referred to as the e-Privacy Directive) that mandated that websites give consumers the right to opt out of receiving cookies (in most cases by changing settings on their web browsers). The 2009 amendments reversed the requirement, setting the default as “opt in.” Consumers will have to give permission (informed consent) to a website in advance, to allow a cookie to be placed on their computer.

The UK ICO’s guidance makes it clear that all businesses, private and public, will be required to get consent from the user, in advance of having a browser cookie downloaded and installed on the consumer’s computer. In addition, the ICO has amended the UK Privacy and Electronic Communications Regulations to mandate that clear and thorough information – to ensure informed consent – is provided to end users, explaining why their information is being stored and how it will be used by the commercial enterprise. Expect to see consumer-directed information soon, alerting consumers as to what their rights are and what to expect as businesses comply with the new law and regulations.

As you probably know if you are a loyal and longstanding reader, Legal Bytes in 2009 reported that the major players in the online advertising industry had issued self-regulatory principles concerning online behavioral advertising (Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), and intended to create an industry self-policing mechanism, as well as disclosures to consumers concerning the use of their personal information. The self-regulatory mechanisms in the United States – these being similar – have followed an “opt out” approach to consumer privacy and the control of personal information. For multinational and international businesses worried about compliance (and that includes all you web browser publishers) – well, it’s complicated.

As always, if you need guidance for your advertising, marketing, privacy or data protection efforts, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work. Our lawyers deal with these issues every day.