Posted on January 29, 2010 by Davis Wright Tremaine

Washington State Court of Appeals Rejects Novel Privacy Claim Based on Dissemination of Unsubstantiated Information

By Eric M. Stahl and Sarah K. Duran

The Washington Court of Appeals this week held that state law does not recognize a cause of action for invasion of privacy based on “negligent dissemination of unsubstantiated information.” Corey v. Pierce County, Case No. 62505-5 (Wash. App. Jan. 25, 2010).

The case is good news for Washington state media. It squarely rejects an expansive reading of the 2008 Bellevue John Does public records case and the emerging theory that truthful reporting about criminal investigations is actionable—a theory that, were it to be accepted by the courts, would upend decades of established defamation law.

Continue Reading...
Tags: ,
Posted on February 19, 2009 by Joseph M. Wallin

April Showers Bring May Flowers & Identity Theft Compliance Deadlines


By Charlene A. Brownlee and Ronald G. London

Finding it difficult to keep up with the growing body of federal and state privacy regulations? You are not alone. In fact, the deadline for compliance with the Massachusetts Standards for the Protection of Personal Information (the Regulations) have been extended twice, recognizing organizations require more time to develop comprehensive identity theft prevention programs. The new compliance date, announced Feb. 12 by the Massachusetts Office of Consumer Affairs and Business Regulation, is Jan. 1, 2010.

If your business is subject to the Federal Trade Commission's (FTC) Red Flag Rules, your identity theft prevention program must be in place by May 1, 2009. As you finalize your Red Flag Program, keep in mind the requirements of the Massachusetts Regulations, which are more onerous than the requirements of the Red Flag Rules in certain regards. For example, the Regulations impose more specific data security requirements such as the encryption of laptops and portable media.

Let us know if you have any questions or would like us to assist you in creating or administering such a program. Continue reading...

Tags:
Posted on November 17, 2008 by Joseph M. Wallin

Businesses Given More Time to Comply with New Mass. Data Security Regulations

By Randy Gainer and John D. Seiver

In a press release issued Nov. 14, 2008, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) extended the deadline for complying with its new regulations specifying how businesses must protect personal information about Massachusetts residents.

As we described in our September 2008 advisory, the regulations, 201 CMR 17.00, require businesses that store or process information about Massachusetts residents to encrypt documents sent over wireless networks and the Internet, to encrypt documents stored on laptops and other devices, to use firewalls and other security measures to protect the data, and to ensure that their service providers have the capacity to keep the data secure. The regulations had been scheduled to take effect Jan. 1, 2009. Continue reading...

Tags:
Posted on July 9, 2008 by Joseph M. Wallin

"Red Flag" Identity Theft Programs Required by November 2008

July 9, 2008

By John D. Seiver and Ronald G. London

Yesterday the Federal Trade Commission (FTC) formally reminded financial institutions and creditors of the upcoming November 2008 deadline for implementing identity theft prevention programs in compliance with the "Red Flag" Rules that were jointly adopted last year by the FTC and five other federal agencies (the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration)

As explained in this advisory, all types of financial institutions and most electronic service providers (including video, Internet and voice service providers) will have "covered accounts" governed by these new rules and therefore must have designed, implemented and begun operating an internal system to detect and combat identity theft no later than November 1, 2008.

The FTC issued a gentle reminder yesterday that companies should be well along in getting their identity theft programs in place. The FTC also launched an outreach effort to explain the rules, which included publication of a very general alert on what the rules require and what types of businesses must comply. Continue reading...

Tags: , , , ,