For the record, privacy, data protection, information security and international law have officially converged with management, compliance and marketing. More than 30 U.S. states have now passed legislation in one form or another that requires businesses to notify consumers if an actual or potential breach of data security may lead to the compromise of personally identifiable information. This comes on the heels of several years of the government tightening its own policies regarding data security breaches and instances of compromised security.
Recently, the Office of Management & Budget, which oversees U.S. federal agencies, announced a tougher policy for government, requiring agencies to follow the security procedures checklist prepared by the National Institute of Standards and Technology (“NIST”) to protect data. An internal OMB memo recommends that data on mobile computers and devices carrying agency data be encrypted, and suggests two-factor authentication (one being separated from the actual computer obtaining access to the data).
As noted in prior issues of Legal Bytes, requirements and compliance obligations for commercial enterprises doing business across state lines and national boundaries vary, although many have common themes. If you are concerned—and you should be—contact us. We can help you sort out your current compliance obligations and help you keep track of the changing privacy and data protection landscape, both domestically and internationally. Even if you choose not to inject your views into the regulatory process, you must keep abreast of developments or risk action by consumers and regulators.
Continue reading “Disclosures, Decency and Data Security”
The Mobile Marketing Association has promulgated guidelines, now adopted by many leading wireless carriers and programming networks, to deal with the growing use of email, SMS (text messaging) and similar mechanisms in advertising and marketing. As you will recall, legal and regulatory actions have arisen based on the fact that some companies’ marketing practices fail to adequately disclose the charges, whether subscription or imposed by the wireless carriers, that apply to some of their services and, in some cases, to the advertisements and marketing messages themselves.
Wireless carriers are beginning to adopt content guidelines for what they will or will not transmit from content partners—regulating such things as sexually explicit, graphic violence, profanity, hate speech and other topics, words and images—in some cases including lengthy lists of “forbidden words.” CTIA, the wireless industry trade association, issued fairly broad content guidelines last November, but left the specific implementation to the individual carriers. Some carriers have carried this implementation to a level of detail that covers everything from games, music, images and video, and in some cases even governs the file names of anything downloaded or transmitted.
Wait until you wake up to the issues raised by transmission and posting of “user generated content.” As you may know, in addition to the FTC regulating advertising and certain content in the U.S., and on top of state laws, the Federal Communications Commission (“FCC”) having authority to regulate indecent content on television and radio and the mobile phone as a media and entertainment device is no longer fiction, but fact in many cases. Did you know that our Advertising, Technology & Media Law group has significant experience in all these areas (Judith Harris for FCC and communications; Doug Wood for advertising and marketing; and, of course, any of us or me, if you simply can’t figure out where your need fits).