Do Not Track – Diving Deeper Into the Quicksand

Coming on the heels of a bill aimed at preventing children from being tracked, introduced by Rep. Ed Markey (D-Mass.) (see, Rep. Markey Releases a Kids Do Not Track Discussion Draft Bill): Today, Jay D. Rockefeller (D-W.Va.), Chair of the Commerce, Science & Transportation Committee in the U.S. Senate, introduced a Do Not Track Online bill that would empower the FTC to promulgate rules “that establish standards for the implementation of a mechanism by which an individual can simply and easily indicate whether the individual prefers to have personal information collected by providers of online services, including by providers of mobile applications and services . . . ”

A copy of the proposed legislation is available here for you to download and read Do Not Track Online Act of 2011 – Proposed Rockefeller Bill (PDF). Of course, if you need legal guidance, advice or representation as these bills are introduced and make their way through the legislative process, don’t hesitate to call us. We are here to help.

Dear WikiLeaks, Here We Come. Sincerely, The Wall Street Journal.

The Wall Street Journal just announced it has established a secure mechanism that allows “newsworthy” materials to be uploaded to its separate, but internal, secure servers. The new service, Safehouse, is a logical outgrowth of the age-old newsgathering function. That noted, one can only imagine everyone scratching their heads saying, “What took you so long?” considering the international notoriety garnered by the most visible recent leak-gathering organization, WikiLeaks.

Legal Bytes was certainly not alone in highlighting the WikiLeaks phenomenon (see IMHO – Wiki Wiki True to Its Meaning), so it’s a bit surprising that traditional news organizations had not previously moved aggressively into the digital technology age with their news-gathering activities. That said, kudos to the industry for opting to enter the digital age on the input side of the process and create competition in this arena, just as competition among journalists has existed for centuries.

The presumption is the WSJ upload process will be secure and apparently anonymous – the accumulation of anonymous and pseudonymous tips, leaks and leads has long been part of every investigative reporter’s and journalist’s job. Other news organizations are also rumored to be working on similar services, although not having done an investigation myself, others perhaps may have already launched. The WSJ service will reportedly provide encrypted digital file transmissions and, according to the Safehouse website, will seek to minimize the amount of technical information (read that to mean, traceable information) that the service receives on its servers.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

Sens. Kerry & McCain Introduce Commercial Privacy Bill of Rights Act

Sens. John Kerry (D-Mass.) and John McCain (R–Ariz.) have introduced a bill in Congress to legislatively enable a statutory bill of rights for consumers with respect to commercial privacy. You can read the full text of the Commercial Privacy Bill of Rights Act of 2011 (PDF), and Rimon will have a more complete analysis for your reading enjoyment soon; but the bill clearly intends to require that as little data about an individual is collected as possible, and give individuals a right to know how their information is being used. At first reading, the bill does not provide a private right of action, but does contemplate a self-regulatory program, perhaps a nod to the industry initiative that is highlighted in a recent Legal Bytes posting “OBA Self-Regulatory Initiative Gets Boost from Yahoo! & Google.” You can search for privacy, behavioral advertising and/or self-regulatory on our site and you will find more about this on the Legal Bytes blog.

It may be too early to tell just how much faith Congress has in the industry initiative. That said, it would seem somewhat foolish – given that the FTC and many Congressional leaders have argued for and applauded industry self-regulatory measures – not to afford an industry-sponsored, dynamic, self-regulatory program, a chance to work. As we’ve seen so many times before, along with the technology, consumers’ expectations of privacy, their tastes, commercial needs and sensitivities often change rapidly.

As always, if you need guidance for your advertising and marketing efforts, or privacy and data-protection counsel from lawyers who have experience and resources aligned to deal with these issues every day, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Italian Courts Order Yahoo! Italia To Keep the Links Missing

I picked up an interesting article published today in the International Law Office, and since the article is listed in the category of Information Technology, I thought some Legal Bytes readers with international interests and activities that are "content," "search" or "link" related might not see it.

The article summarizes a case in which Yahoo! Italia was held responsible for failing to remove links to infringing versions of a motion picture – thus, in the court’s view, resulting in contributory liability. What is also of interest is that the Italian court ordered Yahoo! in Italy to not only remove links to websites that "served" the allegedly infringing content, but also to remove any other websites that contained links to the websites serving that content – even if those websites had other links or provided other legitimate content, features and functions. Such a decision could have far-ranging implications since it goes to the heart of the ripple effect that linking has on legitimate content-sharing. It also raises the chilling specter of restricting access to otherwise legitimate, non-infringing content, features and functions based on a finding that there is a link to infringing material.

While one can make the case that such strong enforcement helps deter and ultimately prevent infringement, the breadth of the decision and the fact that a rights-holder can simply send a notice without requiring formal "proof" of infringement, means every link to every website that connects to an offending website could potentially be forced to de-link, and arguably bears some liability for contributory infringement. Think of the connections on social media, embedded players and links on the web – Wow!

If you want to read the entire article, you can access it right here Yahoo! Italia liable for searchable content. And as always, if you need advice from a U.S. lawyer who has done work with Italian companies and legal colleagues in Italy, call me, Joseph I. ("Joe") Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

OBA Self-Regulatory Initiative Gets Boost from Yahoo! & Google

Back in 2009, Legal Bytes reported that a coalition of the major players in the online advertising industry had gotten together and issued self-regulatory principles concerning online behavioral advertising (Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles). These principles were and remain intended to create an industry self-policing mechanism that provides, among other things, discipline and disclosures to consumers concerning the use of personal information.

Amidst much activity and debate – the good, the bad and the ugly – the industry has moved forward, creating a Digital Advertising Alliance (“DAA”) (and website), and enlisting the aid of the Council of Better Business Bureaus to develop and implement an enforcement process, much like the process that has worked quite successfully in traditional advertising for well more than 30 years! By the way, for the record, I refer to online behavioral advertising (OBA) as “digital behavioral advertising” or “DBA,” since excluding mobile and wireless would be a mistake, and “online” conjures up images of “wired.”

In a major show of support for the self-regulatory initiative, both Google and Yahoo! have announced they will begin using the “forward i” icon (shown below), promulgated by the DAA for its behavioral advertising.

Aside from the obvious boost to the industry’s self-regulatory efforts, the uniformity will help lessen the likelihood of consumer confusions regarding industry practices across the web. The DAA icon will also serve as a live link, taking users to user-based tools that a consumer can use to modify the behavioral and identified interest categories advertisers use to serve targeted advertising. The tools would also enable a consumer to opt out of receiving such advertising. Yahoo! actually will prevent partner sites from collecting consumer data if a consumer opts out, while Google will disable interest-based cookies and remove demographic and interest-related information from its Chrome browser when a consumer opts out.

Neither the industry’s self-regulatory program, nor the consumer tools available through the DAA’s program, were ever intended to stop data tracking (as you probably know, “do not track” is getting lots of play in Congress and the media lately). Microsoft and Mozilla have separately introduced modifications to their IE and Firefox browsers (i.e., HTTP header settings) that allow consumers to alter the settings and alert advertisers that they have opted out of tracking; although the settings do not block tracking per se, they will simply serve as notice to the companies that may be tracking user data of that consumer’s preference.

As always, if you need guidance for your advertising and marketing efforts or privacy and data protection from legal representatives who deal with these issues every day, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

I See Paris, I See France: Google’s Street View Draws French Fine

On December 20, 2010, a Legal Bytes blog entitled Look! Out the Window! It’s a Peeping Tom! No, It’s Google Street View noted the problems Google was facing as a result of a faux pas in connection with its Street View automobiles roaming the streets equipped with cameras. As we reported earlier, Google’s picture-capturing vehicles appear to have accidentally gathered data over unsecured Wi-Fi systems in more than one country and city around the globe – including France.

Although Google agreed to delete the Wi-Fi data collected accidentally and has apologized, if one picture is worth a thousand words, France has apparently decided that Google’s pictures were worth about €100,000. This is reportedly the highest fine imposed by the CNIL (the National Commission for Information Freedom – the French data-protection regulatory body) since it was given the authority to levy financial penalties in 2004. The financial sanctions were levied because Google’s activities were considered to be "unfair collection" of data under French law, data that Google was able to collect for economic advantage. The "accident" resulted from some "sniffing" programming code that ostensibly carelessly found its way into the equipment capturing Street View data in the cars as they roamed highways and byways.

While other countries are considering fines and investigations that are on-going, some countries (e.g., the United States) have apparently dropped the investigations or are not considering penalties at this time. This is not the last we will hear of location-based or geo-targeted information raising an uproar, as people "check in" and the surveillance society becomes closer to reality than we often care to admit. The law and regulation are not harmonized around the globe, and many regulators and laws don’t even adequately address the problem – often created because, like so many other issues in our digital world, some information is being shared voluntarily, some is not, and some is a blend.

As always, if you need advice and counsel about your own advertising and marketing efforts, or privacy and data protection guidance from legal representatives who deal with these issues – in the United States and around the globe – every day, feel free to call me, Joseph I. ("Joe") Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Look! Out the Window! It’s a Peeping Tom! No, It’s Google Street View.

The recorded legal enforcement of privacy dates back to at least 1361, when Justices of the Peace Act in England provided for the arrest of Peeping Toms and eavesdroppers. In the 1760s, English Parliamentarian William Pitt wrote: “The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow though it; the storms may enter; the rain may enter – but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement.” Translation: One’s home is one’s castle.

The right to be free from unlawful searches and seizures and intrusions into one’s home is among the earliest expressions of the legal right to privacy. Today, privacy has been woven into the fabric of the laws and regulations of most countries throughout the world. The Preamble to the Australian Constitution states: “A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organizations to intrude on that autonomy. Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech. Privacy is a basic human right and the reasonable expectation of every person.” The 1948 Universal Declaration of Human Rights may well be the first multi-national, international legal document moving privacy to the level of a legally enforceable principle, noting that no one should be subject to arbitrary interference with privacy, family, home or communication, nor attacks on honor or reputation, and that each individual should have the right to legal protection against such interference or attack. In 1965, the Organization of American States proclaimed the American Declaration of the Rights and Duties of Man, which called for protection of numerous human rights, including the right of privacy.

We’ve come a long way. Today, Google’s Peeping Toms are roving street cars equipped with cameras and are allegedly violating privacy rights left and right as they roam through your neighborhood. If you hadn’t heard, Google reported earlier this year that in the course of its Street View automobiles roaming the streets of cities in more than 30 countries, its picture-capturing vehicles had also accidentally gathered data over unsecured Wi-Fi systems. Oops! Some of Google’s woes stem from mistakenly collecting data it allegedly should not have, although many privacy advocates and some regulators are protesting the actual picture-taking itself – even though the streets are public – not just the inadvertent capture of such data. Google has agreed to delete Wi-Fi data collected accidentally and has apologized (e.g., New Zealand, United Kingdom) for collecting personal data (e.g., personal emails, passwords) from wireless networks.

Although this past October (2010), the FTC in the United States indicated its inquiry into violations of privacy by Google’s Street View cars was ended – noting that Google had made efforts to increase its privacy and security processes and compliance procedures – Google is still facing a slew of questions, objections and government inquiries. Inquiries remain pending from attorneys general in a number of U.S. states, and at last count, about six or seven actual or putative class-action suits were pending.

In Germany, regulators have forced Google to agree to allow individuals to opt out of Street View and, when doing so, there will be computer-generated pixilation of their houses, instead of a photo, effectively blurring detail. Even with Google’s recent actions to bolster its compliance and sensitivity to privacy concerns, German investigators may still pursue investigations and violations. Indeed, investigations are also underway in Australia, France, Ireland, Italy and Spain.

In the “you can’t make this up” category on the subject, Legal Bytes recently saw a report that a woman in Japan is suing Google for about $7,000 for psychological damages because images of her underwear have appeared on the clothes washing/drying line outside her home displayed on Google Maps. Mainichi news service in Japan reports that part of her allegations state: “I was overwhelmed with anxiety that I might be the target of a sex crime. It caused me to lose my job and I had to change my residence.”

When do public photographs become grist for the Peeping Tom mills? What about government surveillance? Satellite photos? Drone imagery? I, for one, am giving up sunbathing on the roof from now on!

Privacy is a dynamic and evolving concept – one not uniformly dealt with or perceived around the world, or even within nations. Privacy is often blurred with identity issues or security principles, in some cases overlapping and in others just emotionally charged rhetoric. Witness the recent FTC and Department of Commerce reports, each ostensibly dealing with “privacy.” You can read about it on blogs posted by our Global Regulatory Enforcement Group, as well as right here on Legal Bytes (see, ‘Tis The Season To Issue Privacy Reports – NTIA Green Paper, Protecting Consumer Privacy – FTC Issues Staff Report and Privacy & Data Security Bills After the Midterm Elections), or search “privacy” in the search box in the left side navigation bar. But there is no substitute for getting the advice, counsel and guidance about your own particular situation from legal representatives who deal with these issues – in the United States and around the globe. So if you do need assistance, call me, Joseph I. (“Joe”) Rosenbaum, global chair of Rimon’s Advertising Technology & Media law practice, or any of the Rimon attorneys with whom you regularly work.

‘Tis The Season To Issue Privacy Reports – NTIA Green Paper

Just a few moments ago, in their own words: "The Commerce Department Office of the Secretary, leveraging the expertise of the National Telecommunications and Information Administration ("NTIA"), the Patent and Trademark Office ("PTO"), the National Institute of Standards and Technology ("NIST"), and the International Trade Administration ("ITA"), has created an Internet Policy Task Force to conduct a comprehensive review of the nexus between privacy policy, copyright, global free flow of information, cybersecurity, and innovation in the Internet economy." That introduction prefaced the release by the NTIA of its "Green Paper" (which you can download and read), Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.  The Federal Register notice of this paper will seek public comments, noting that they will be due on or before January 28, 2011. 

While Legal Bytes and Rimon will digest the report more thoroughly and report to you in the days and weeks ahead, the report at first blush focuses on four major themes:

  • Support for Fair Information Practices Principles (FIPPS), noting the need and importance of greater transparency, consumer control and data security
  • Support for self regulation
  • Creation of a national Privacy Policy Office to coordinate voluntary, enforceable, self-regulatory programs
  • The need for greater harmonization of privacy laws and self regulation internationally

Stay tuned for further information and analysis, but if you want to be part of the conversation; if you feel you should have a voice in the discussion and are considering submitting comments; or if you simply want to better understand the implications, the interplay between this report and the recently released FTC report (see Protecting Consumer Privacy – FTC Issues Staff Report)posted on Legal Bytes December 2, 2010), please don’t hesitate to contact me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

IMHO – Wiki Wiki True to Its Meaning

According to Tech Terms, “wiki” comes from the Hawaiian phrase “wiki wiki,” which means “super fast.” I guess if you have thousands of users launching denial of service attacks (see below) against targeted web sites – well “super fast” spells super trouble. Which has prompted me to write this article “IMHO” (in my humble opinion) – IMHO being a social media nod to the kewl gnu SMS lingo.

So, doesn’t it seem as if this WikiLeaks thing has gotten out of hand? Now in fairness, in my view there are intelligent points being made on both sides of the issues – national security is important; so is freedom of the press and speech. There are also rights and responsibilities on both sides of the issues – private censorship is not something that sits well with those of us who value the right to hear and voice differing opinions and thoughts; yet using a “free speech” argument to allow someone to scream fire in a crowded theatre – even when none exists – can cause harm to innocent people and is, again in my view, irresponsible, if not illegal.

So if you have been following this Wikileaks issue, you already know about the leak of U.S. diplomatic cables by or through WikiLeaks, and unless you have been living under a rock, you have also noticed the arrest of WikiLeaks founder, Julian Assange. All of this has resulted in a dramatic and well-publicized series of “cyber attacks” from “hacktivists” primarily using a disruptive technique known as “denial of service attacks.”

Curiously, the arrest of Mr. Assange in London has nothing to do with the current controversy over confidential and sensitive material that is giving rise to the tensions across the Internet. Mr. Assange’s legal problems stem from an international warrant issued by Sweden, where he is accused of rape, molestation and unlawful coercion by two women in connection with sexual encounters he reportedly had while he was in Sweden last summer. Mr. Assange apparently confirmed the encounters, he has denied the allegations of assault, and he has not yet been formally charged in either of the women’s cases.

The disruptions on the Internet and outcry against his treatment (or the treatment of his company) are not about his personal problems, but rather have taken on a life of their own as a poster child for the principle of “information needs to be free.” Somehow, WikiLeaks has become a symbol, a rallying cry, for the cause of free speech and information transparency, being championed by activists around the world, the activities of some of whom has allegedly already resulted in:

  • The Swedish government website was offline for several hours, and arms of the Swedish postal service, the websites of Swedish prosecutors, and at least one lawyer, were the targets of attacks.
  • Both MasterCard and Visa, whose banking and financial institution members stopped accepting payment transactions in support of either WikiLeaks or Mr. Assange’s defense, were subject to attack (e.g., reportedly Visa’s website and MasterCard’s “secure code” system was affected – in the case of MasterCard, apparently preventing some online transactions from being processed for several hours.
  • Just today we read of allegations and reports that Sarah Palin’s credit card information and the website of her political action committee were hacked because she referred to Mr. Assange on ABC News yesterday as “an anti-American operative with blood on his hands,” and U.S. Senator Lieberman’s website was impaired and anonymous SPAM faxes sent to the Senator’s office after he called for an investigation of The New York Times, which had published articles with details of the diplomatic cables leaked by WikiLeaks.

As Mr. Spock, the iconic “Star Trek” character played by Leonard Nimoy, might have remarked well into the future: “Fascinating!” Well the future is now.

So what should you do? First you should read my partner, Douglas J. Wood’s recent opinion piece on Corporate Counsel, entitled “Say Hello to the World’s New Sovereign Nations: Facebook, Google and RIM.”  (subscription required) When you finish, head straight to YouTube and watch the clip (my title) “There’s a War Out There” from the incredibly prescient motion picture “Sneakers,” with Ben Kingsley and Robert Redford. You might also grab a copy of An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths, by Glenn Reynolds. Oh, and in case anyone is thinking about my Legal Bytes post more than a year ago, entitled FTC (Revised) Endorsement Guides Go Into Effect, rest assured I have no interest (other than intellectual) in either my partner’s publication, the motion picture production, or the book or publishing company noted.

It is likely, some of the “attacks” may lead to criminal prosecution or civil litigation, or both. It is also likely that companies and governments may rethink their security and dependence on digital technology, as well as their activities and responses to events such as these. Protests of this nature, irrespective of one’s view or one’s “side,” are now occurring on a scale, orchestrated by individuals dispersed throughout the globe, in a manner that might make taking to the streets or holding passive sit-ins or hunger strikes in the halls of legislative bodies passé. Further, the effects of such activities on innocent people should not be underestimated. While the United States holds dear the Constitutional rights of free speech and freedom of the press, that does not include the right to create panic or harm or injury to others. There is a line between voicing one’s support and opinion, freely heard in the blogosphere, and illegal conduct that damages persons and property.

So after reading this and the references cited, ask yourself the following question: Is this a technology problem? A political problem? A national security problem? A public relations problem? A legal problem? It is probably worth noting, since my partner Doug Wood mentioned it after reading a draft, that the freedoms of speech and the press (and assembly, etc.) that are embedded in the U.S. Constitution are not the norm around the world. We often lose sight of the fact that these rights (and the passion and zealousness with which we cherish them and defend them) are not the global norm – yet. But, technology has enabled activities and communication unimaginable in the past. It can be a force for good or bad – sometimes both. Now comes the revolution? Fascinating! But that’s just my opinion.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

Protecting Consumer Privacy – FTC Issues Staff Report

This post was written by Paul Bond, Chris Cwalina, Amy Mushahwar and Fred Lah.

The FTC just released its long-awaited Protecting Consumer Privacy in an Era of Rapid Change. This preliminary staff report proposes a major change in U.S. privacy law. The FTC is accepting comments on this report until January 31, 2011, and if you could be affected by these changes and would like to submit comments, or if you are considering submitting comments to the report (or perhaps you aren’t sure if you should), Rimon can help. While we are still reviewing the 123-page report in depth, we wanted to share a few thoughts from an initial reading.

The report proposes a major change in the framework of U.S. privacy law, stating bluntly: “Industry must do better.” The report notes, among other things:

  • Notice-and-consent doesn’t work. People don’t read or understand privacy notices as now written. The Commission’s view is that privacy policies have become “long” and “incomprehensible.”
  • Waiting for harm to consumers isn’t an effective way to enforce privacy norms. Harm has traditionally meant economic or physical harm. Privacy harms include reputational harms and even the emotional harm of having one’s information “out there,” or “fear of being monitored.” The new framework must address and allay these anxieties; however, there is some disagreement among the Commissioners. Commissioner J. Thomas Rosch, in his concurrence, notes “the Commission could overstep its bounds” if it were to begin analyzing these more intangible harms when assessing consumer injury.
  • Industry self-regulation is too little, too late, and has failed to provide adequate and meaningful protection.

The report challenges a number of privacy and security assumptions. The report:

  • Casts severe doubt on claims that de-identified information need not be protected, citing multiple instances and methods by which personally identifiable information (PII) can be culled from “non-name” information (e.g., IP addresses, other unique identifiers). The distinction between PII and non-PII is, the report says, “of decreasing relevance.” Consequently, the scope of the report is very broad and applies to “all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer or other device.
  • Purports to apply in the online and offline world, and not only to companies that work directly with consumers.
  • Suggests that consumers must be made aware of and consent to onward transfers of information to non-affiliates no matter what the industry, universalizing the consumer notice requirements that previously only applied to certain highly regulated industries (e.g., telecommunications, education, health care, financial services), or certain types of sensitive data (e.g., credit data, bank accounts, medical records).
  • Distinguishes between “commonly accepted data practices” and all other data practices. Borrowing from GLBA and HIPAA, using data to aid law enforcement, or in response to judicial process or to prevent fraud, would not require notice to or consent of consumers, but ALL other data practices (e.g., behavioral advertising and deep packet inspection that are explicitly named as not commonly accepted data practices) would require notice and consent in a form easy to read and understand, ideally provided to the consumer when the consumer enters his or her personal data. The report suggests opt-in consent be obtained prior to implementing any material changes to company policy that would apply to data collected under a prior privacy policy.
  • Suggests that to promote a free and competitive market, the privacy practices of companies need to be more transparent to consumers, and that consumers be given “reasonable access” to their data.
  • Notes that appropriate data-retention periods should be a legal requirement. The report sites geolocation data as especially important to phase out.
  • Endorses a “Do Not Track” mechanism, recognizing that such a mechanism would be far more complex than the National Do Not Call registry. The FTC supports either legislation or self-regulatory efforts to develop a system whereby a consumer could opt not to be “tracked.” The FTC has expressed a distinction between “tracking” and “interest-based” advertising. And, in later discussions regarding the report, the FTC has stated that it will treat first-party advertising more favorably than third-party ad servers. The FTC has not decided on the technical mechanism for creating such a registry, but it recognizes a browser-based solution – similar to the privacy plug-in on the Firefox browser or incognito mode in Google Chrome. The FTC has not indicated if opt-in or opt-out would be the default browser setting for any browser privacy technology deployed.

So what should businesses do?

First, companies should carefully review the report and all the questions made open for public comment. These are listed in Appendix A to the report, but additional questions are posed in the Commissioner dissent statements.

Second, companies should strongly consider commenting on the report. In our experience, the FTC will listen and often address business concerns. But you must be heard. Trade associations are a good place to start, but individual company voices are important, especially if you have unique issues that should be addressed.

Third, now is a good time for you to pull back and consider your privacy policies, practices and programs, and the extent to which privacy is incorporated into your everyday business practices. The report suggests every company should adopt “privacy by design,” “building privacy protections into everyday business practices,” “assigning personnel to oversee privacy issues, training employees on privacy issues, and conducting privacy reviews when developing new products and services.”

You can read and obtain a copy of the FTC’s full report here.

If you need help, want more information, want to comment, or simply require some guidance – whether counsel or representation – in an area that is of critical importance to businesses and consumers, please don’t hesitate to contact Paul Bond, Chris Cwalina, Amy Mushahwar, Fred Lah or me, Joe Rosenbaum, or any of the Rimon attorneys with whom you regularly work.