HHR New Media, Entertainment and Technology Group

In the wake of the recently publicized data breach involving Sony’s PlayStation and Online Entertainment networks, Congress appears ready to accelerate its efforts to enact legislation to implement regulations intended to prevent future breaches and provide a framework for enforcement in the event of a breach.  The data breaches at Sony, which occurred on two separate occasions (at the end of April and then again at the beginning of May), involved more than 100 million accounts. The data that was leaked included information about PlayStation subscribers such as names, addresses, emails, passwords, usernames, birthdays, phone numbers and purchase histories.   Continue Reading »

Last Tuesday, U.S. Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) introduced the Commercial Privacy Bill of Rights Act of 2011 which is intended to “establish a regulatory framework for the comprehensive protection of personal data for individuals under the aegis of the Federal Trade Commission.”  According to the bill, current laws at the state and federal level provide inadequate privacy protection for individuals and the Federal Government has “eschewed general commercial privacy laws in favor of industry self-regulation” which has largely been unenforceable and has provided insufficient privacy protections.  Continue Reading »

As discussed in our recent webinar “Whose Data Is It Anyway: Privacy in the De-Centralized Digital World”, currently there is no comprehensive federal statutory scheme to govern the protection of privacy.  While lawmakers and agencies at the federal level continue to grapple with developing useful legislation to address privacy and security breach concerns, lawmakers in three states recently introduced legislation in attempts to strengthen their respective state’s security breach notification systems. Continue Reading »

In one of the latest advances in what has been called “a technological arms race between tracking companies and people who seek not to be monitored,” device fingerprinting, a technology originally developed to prevent software piracy and credit card fraud, appears set to become a powerful new tool for online marketers.  But recent calls to increase consumer control of personal information will likely impact how device fingerprinting technologies are integrated into marketing efforts and may slow its widespread adoption. Continue Reading »

The recent Wall Street Journal report revealing that some of Facebook’s most popular applications have been leaking user information has brought attention to a little-known corner of the Web advertising business.  And that attention may ultimately lead to substantial changes in the way companies do business both with Facebook and throughout the wider Web. 

The Facebook disclosures were the result of a common Web standard called a referer.  As web users navigate from site to site, the referer tells the new site which page the user is coming from.  Most of the time, this is an innocuous tool used to help websites track the source of their traffic flow and customize user experience.  However, when user IDs are included in web addresses, as is the case with Facebook and other social networking sites, this practice could potentially expose the browser’s identity.  The user IDs can be used to look up public information on the user’s Facebook profile, which, depending on the selected privacy settings, could include anything from the user’s name to his age, hometown, or even photos. Continue Reading »