Data Privacy & Cyber Security

Overview

How companies collect and use consumer data – and how they inform consumers of those practices – is increasingly in the public eye. With several high profile data mining debacles, online privacy is a hot topic among government regulators, consumer advocacy groups and industry leaders. It’s also a topic generating attention among consumers. These days, consumers are more regularly reading websites’ and apps’ terms and conditions, which they used to hastily click through. And government agencies and private groups are policing companies’ practices to monitor whether companies are complying with their own privacy policies.

Companies doing business online need to think hard about their privacy policies. Increasing numbers of enforcement actions to ensure companies comply with privacy policies leads to the reality that companies also need to vet their data collection and usage practices.

Ifrah Law offers extensive experience in drafting privacy policies for various clients and website operators, as well as in litigation of privacy matters dealing with issues of data and information. Attorneys represent businesses and individuals with counsel on information storage and rights of retrieval, including criminal background websites and children’s privacy protections online through COPPA.

Ifrah Law’s GDPR Services

The General Data Protection Regulation, or GDPR, takes effect on May 25, 2018, and it will dramatically change the way that companies which collect, store or mine the personal data of European residents do business. Failure to comply risks lawsuits and significant fines.

Ifrah Law can help you navigate the oncoming revolution in how companies handle personal data. Our reasonably priced fixed fee program will review your current business practices and update your provisions and protocols to help your organization become GDPR compliant.

For more information click here.

 

Publications + Presentations
July 20, 2015 | Publication

The Spy In Your Pocket

Read more

Case Studies

Takedown Notice Success for an International VIP

When a blogger posted information from a hacked computer about an important Middle Eastern leader, Ifrah Law was asked to help. The site contained threats to the national security of the politician’s country as well as the United States – and to the life of the politician. The matter needed immediate attention and we responded to get the site (and others where the statements had been posted) taken down.

The case was made more complex when two web hosting companies created a sub-domain for the website, and refused to disclose their users – as is their privacy policy.

But the law offers some remedies of its own. One is the Digital Millennium Copyright Act (DMCA), which is U.S. copyright law as well as part of two World Intellectual Property Organization (WIPO) treaties. The DMCA assigns no liability to an Internet service Provider (ISP) for transmitting information that may infringe a copyright, but it forces the ISP to remove materials from users’ websites that appear to be copyright infringement. The DMCA provides for a takedown notice to be sent to an infringer’s ISP.

Ifrah Law successfully utilized takedown notices with two of the blogger’s ISPs as well as Facebook and is pursuing other sites. We impressed upon the web hosting companies that the content posed an immediate threat to national security. We also emphasized to one company that the blogger had violated their terms and conditions.

Privacy issues on the Internet may be rampant, but they do not have to be a fact of life.

Ensuring TCPA Compliance for a Global Provider of Customer Management Services

On behalf of our client, a leading provider of customer management services with call centers around the world, Ifrah Law led a full-scale review of its customer communications to ensure that they comply with federal and state requirements, including those of the TCPA and the FTC’s Telemarketing Sales Rule (TSR). We addressed the many different types of calls that the company undertakes on behalf of its varied customer base – service calls, appointments, live sales calling and pre-recorded calls – to ensure that its call centers are using consistent protocols and controls in the United States, and that these protocols are in compliance with the TCPA and TSR. Our client trusted Ifrah Law with this extensive project due to our long history with managing TCPA matters – we have been involved with the TCPA since its inception in 1991 – and due to our prior work for the client, including successfully representing the client in two FCC inquiries.

We worked with the company’s Director of Privacy to develop a thorough understanding of the types of calls that the company makes for its customers, and the contractual protections that are in place and which could be revised to protect the company further. A critical aspect of this project was to educate leaders within the company that there are different TCPA requirements based on the type of call: technology used, person being called, whether the call is pre-recorded or live; mobile or business. We also wrote the call center guidelines and controls to ensure that all employees – from those being trained to the marketing team – had the same information regarding how to handle different types of customer call projects.

This large-scale process took a year to complete. Once the documentation was finalized, our client was ready to begin a company-wide training program on the guidelines, well in advance of TCPA rule changes.

Blog Posts
September 26, 2017

GDPR D-Day: If Not Prepared, It Could Cost You Europe

GDPR D-Day:  If Not Prepared, It Could Cost You Europe

GDPR D-Day: May 25, 2018. If you are not prepared, the results could cost you Europe. In the U.S., we’ve had a pretty business-friendly approach to consumer data protection. And while federal and state authorities have their respective consumer protection laws, there is no single federal law that clearly defines U.S. policy on how consumer… Read More

April 22, 2017

The FTC’s Role in Privacy

The FTC’s Role in Privacy

Acting Chairman of the Federal Trade Commission, Maureen Ohlhausen, answered questions about the FTC’s current role in data privacy before a crowded audience at the April 2017 IAPP Global Privacy Summit in D.C.  Below are some take-aways we wanted to share from Commissioner Ohlhausen’s talk: Even if out of ISP oversight, the FTC is actively… Read More

January 12, 2017

Online Reviewers Get New Protections

Online Reviewers Get New Protections

Your business booked a large charity event.  However, the customer contact turns out to be a nightmare. She complains (during and after the event) that the service was slow, the food looked and tasted like a frozen meal, and the drinks were watered down.  She even claims she was overcharged.  You reviewed the situation and,… Read More

January 4, 2017

Can Your Pacemaker Be Hacked?

Can Your Pacemaker Be Hacked?

Tom Kellermann, CEO of Strategic Cyber Ventures guest co-authored this post. A famous Homeland episode involved a terrorist gaining access to the Vice-President’s pacemaker.  Accessing medical devices to wreak havoc was one of the motivations behind certain provisions of the Digital Millennium Copyright Act (aka the DMCA).  The DMCA makes it “illegal to circumvent technological… Read More

November 10, 2016

How The FTC Guides Businesses Through Data Breaches

How The FTC Guides Businesses Through Data Breaches

The Federal Trade Commission (“FTC”) recently released a data breach guide for businesses, along with a video and blog to help companies following the immediate aftermath of a data breach.  The FTC also provides a model data breach letter to notify individuals of a breach.  The agency – which views itself as the nation’s primary… Read More

April 20, 2016

Judge Flunks Case Against LabMD, FTC Appeals

Judge Flunks Case Against LabMD, FTC Appeals

In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13,… Read More

April 5, 2016

Wells Fargo Learns That Recording Calls In California Can Be Costly

Wells Fargo Learns That Recording Calls In California Can Be Costly

In the past few years, many organizations such as Capital One, Bass Pro Outdoor, and the Cosmopolitan Hotel have faced class actions alleging violations of California’s call recording law.  This week, California’s Attorney General demonstrated that her office, working with state prosecutors, will also vigorously enforce the law under the state’s criminal statutes.  Attorney General… Read More

March 10, 2016

Latest German Sausage? Privacy-Wurst by Facebook

Latest German Sausage? Privacy-Wurst by Facebook

Despite not being explicitly mentioned in the Constitution, the Supreme Court has firmly held that a right to privacy for all Americans is found in several amendments to the Constitution, with almost 100 years of case law providing precedent for many personal privacy rights that have become a cornerstone of American culture. However, in this… Read More

November 3, 2015

Highlights And Takeaways from the October 30th FTC Lead Generation Workshop

Highlights And Takeaways from the October 30th FTC Lead Generation Workshop

  Exploiting consumers and exploiting consumer data were popular themes in the FTC’s October 30th workshop on lead generation, “Follow the Lead.” The day-long workshop explored the mechanics of lead generation and its role in the online marketplace. With a focus on the lending and education spaces, panelists discussed the many layers of marketing involved… Read More

July 9, 2015

State Attorneys General Tell Congress: “Back-Off Our Data Breach Authority”

State Attorneys General Tell Congress: “Back-Off Our Data Breach Authority”

  Every week, we learn about new data breaches affecting consumers across the country. Federal government workers and retirees recently received the unsettling news that a breach compromised their personal information, including social security numbers, job history, pay, race, and benefits. Amid a host of other public relations issues, the Trump organization recently discovered a potential… Read More

May 26, 2015

Keeping Your Privacy Promises: Retail Tracking and Opt-Out Choices

Keeping Your Privacy Promises: Retail Tracking and Opt-Out Choices

  As children, many of us were taught how important it is to “keep your word.” Similarly, it is black letter privacy law that if a company commits (for instance, in a privacy policy or in website statements) to certain actions or practices, such as maintaining certain security features or implementing consumers’ choices on opt-outs,… Read More

May 20, 2015

Yelp Fights for the Right to Complain Anonymously

Yelp Fights for the Right to Complain Anonymously

  In e-commerce, user reviews can make or break a business.  Review sites such as Yelp are a double edged sword for merchants and service providers: on one hand satisfied customers can generate buzz about the company and bring in new customers, and on the other hand dissatisfied customers can use it as a very… Read More

March 6, 2015

Why the FTC Can Go After Companies For Insufficient Data Security Allegations

Why the FTC Can Go After Companies For Insufficient Data Security Allegations

  FTC seems more confident than ever in its authority to go after companies with insufficient data security measures. As of January 2015, FTC had settled 53 data-security enforcement actions, and FTC Senior Attorney Lesley Fair expects that number to increase. Not everyone is sanguine about FTC’s enforcement efforts. Companies targeted for administrative action complain… Read More

March 2, 2015

The Federal Wiretap Act and the Law of Unintended Consequences

The Federal Wiretap Act and the Law of Unintended Consequences

  The law of unintended consequences – a distant cousin of Murphy’s Law – states that the actions of human beings will always have effects that are unanticipated and unintended. The law could prove a perfect fit for recent efforts by class action counsel to rely upon the Federal Wiretap Act in lawsuits arising from… Read More

February 20, 2015

Employers Running Background Checks: Top 10 Tips to Avoid Joining the Fair Credit Reporting Act Litigation “Club”

Employers Running Background Checks:  Top 10 Tips to Avoid Joining the Fair Credit Reporting Act Litigation “Club”

  What do Whole Foods, Chuck E. Cheese, Michael’s Stores, Dollar General, Panera, Publix, and K-Mart have in common?  Each of these companies has faced lawsuits (including class actions) under the Fair Credit Reporting Act (“FCRA”).  Although Congress passed the FCRA way back in 1970 and litigation has focused on credit reporting agencies’ duties under… Read More

January 28, 2015

International Data Privacy Day: Our Top 10 Data Privacy Tips

International Data Privacy Day: Our Top 10 Data Privacy Tips

It’s International Data Privacy Day!  Every year on January 28, the United States, Canada and 27 countries of the European Union celebrate Data Privacy Day.  This day is designed to raise awareness of and generate discussion about data privacy rights and practices.  Indeed, each day new reports surface about serious data breaches, data practice concerns,… Read More

December 15, 2014

Will New Facebook Rules Hurt or Help Small Businesses?

Will New Facebook Rules Hurt or Help Small Businesses?

  Health cleanses to lose unwanted weight in a matter of weeks!  Images of beautiful jewelry to be purchased at great prices that you can even resell! Personalized handbags made to order! If you have a Facebook account, it is more than likely you have seen many of these and similar posts by “friends” in… Read More

November 7, 2014

Report from an Energized Brand Activation Association Marketing Law Conference

Report from an Energized Brand Activation Association Marketing Law Conference

  Ifrah Law is a proud member the Brand Activation Association (“BAA”). This week, we attended the BAA’s 36th annual BAA Marketing Law Conference in Chicago.  Just as “Mad Men” reflects the 1960’s era advertising business, this year’s BAA conference demonstrated this generation’s marketing dynamic – where mobile is key, privacy concerns abound, and the… Read More

September 4, 2014

Federal Trade Commission Checks Out Mobile Shopping Apps

Federal Trade Commission Checks Out Mobile Shopping Apps

  In August, the Federal Trade Commission (“FTC”) released a staff report concerning mobile shopping applications (“apps”).  FTC staff reviewed some of the most popular apps consumers utilize to comparison shop, collect and redeem deals and discounts, and pay in-store with their mobile devices.  This new report focused on shopping apps offering price comparison, special… Read More

August 18, 2014

Recording Calls? Five Things You Can Do to Avoid the Litigation Frenzy

Recording Calls? Five Things You Can Do to Avoid the Litigation Frenzy

Restaurant chain Applebee’s has joined other businesses such as Overstock.com, Hilton, Capitol One, and Bass Pro Shops as defendants in purported class action lawsuits alleging that they illegally recorded calls to or from California residents.  In fact, plaintiffs have filed hundreds of individual and class actions in California courts under California’s various eavesdropping/call recording laws…. Read More

June 24, 2014

Disappearing Act Fails – Maryland Attorney General and FTC “snap” back at Snapchat

Disappearing Act Fails – Maryland Attorney General and FTC “snap” back at Snapchat

Recently, the Maryland Attorney General’s Office announced that it reached a settlement with Snapchat, Inc. over alleged deceptive trade practices in violation of Maryland law and violations of federal laws that are intended to protect children’s online privacy.  This is another reminder that state attorneys general’s offices will continue to be vigilant in addressing consumer… Read More

April 17, 2014

Don’t be a Jerk

blog image

Last week the Federal Trade Commission (“FTC”) charged the operators of Jerk.com with harvesting personal information from Facebook to create profiles for more than an estimated 73 million people, where they could be labeled a “Jerk” or “not a Jerk.” In the complaint, the FTC charged the defendants, Jerk, LLC and the operator of the… Read More

April 14, 2014

“Heartbleed” Bug – Antibiotics Won’t Help, Changing Passwords Might

blog image

After recovering from high-profile data breaches at Target and Neiman Marcus, signing up for free credit monitoring and analyzing our credit reports, a new Internet villain recently emerged:  the “Heartbleed Bug.”  The Heartbleed Bug is a security flaw present on Open SSL, popular software run on most webservers.  This open source software is widely used… Read More

October 4, 2017

Customer Data Collection: GDPR Changes Everything.

Customer Data Collection: GDPR Changes Everything.

Beginning on May 25, 2018, companies which process the personal data of European Union residents will be expected to comply with the General Data Protection Regulation, or GDPR. Even companies located in the United States are subject to this regulation, and violating its terms may result in class actions and hefty fines. If your company… Read More

May 19, 2016

Data Breach Lawsuits: Challenges Persist After Spokeo v. Robins

Data Breach Lawsuits: Challenges Persist After Spokeo v. Robins

Data breaches are as common as the common cold—unfortunately, just as incurable. Run a news search on “data breaches” and you’ll find that all kinds of institutions—major retailers, tech companies, universities, even government agencies—have been vulnerable at some point. Now run a search on “data breaches,” but include the word “lawsuit.” You’ll find that many… Read More

June 9, 2016

Keep It Short and Prosper

Keep It Short and Prosper

What a difference two words can make. Just ask the Center for Competitive Politics (CCP) or Americans for Prosperity (AFP), two organizations that filed separate lawsuits against the same defendant, California Attorney General Kamala Harris, over the same issue: whether Harris’s office had the right to access the organizations’ donor information. (The cases are Center… Read More