Main Menu
Privacy Issues in the News - 6/9/2009

Greenebaum Doll & McDonald PLLC’s Privacy Team is a multidisciplinary group formed to assist clients in understanding and complying with the increasing number of privacy and security laws and regulations being passed by state and federal government.

Members from Greenebaum’s Privacy Team bring knowledge from a broad range of practice areas including health care, insurance, employee benefits, labor, intellectual property, information technology, corporate, banking and finance, and education.

The following is a summary of recent privacy issues in the news.  If you have questions regarding privacy law issues, please contact us.

In this issue:
Lawyers Not to Mislead Witnesses into Granting Access to Facebook/MySpace Pages
FTC Again Delays Enforcement of Red Flag Rules; Also Releases Compliance Guidance
"Anonymization" of Data Does Not Ensure Privacy
Police Need Warrant to use GPS Tracking Device
No Cause of Action for Negligent Investigation

Lawyers Not to Mislead Witnesses into Granting Access to Facebook/MySpace Pages – The Philadelphia Bar Association’s ethics committee was asked to render an opinion on whether it was proper for an attorney to employ a third party to access a witness’s social web pages by "friending" the witness, with the intent to use the accessed information to impeach. The 18-year-old witness routinely grants access to her pages to anyone who asks. The attorney instructed the third party not to lie to her but also not to reveal his affiliation with the attorney or the lawsuit. Finding that this scenario was not similar to the accepted practice of videotaping public conduct, but was instead gaining access to a private area through deception, the committee determined that the investigator’s communication to the witness would be deceptive by omission and that the attorney accountable for the investigator’s conduct would be in violation of the Rules of Professional Conduct. While the availability of personal information has increased dramatically through social networking sites, attorneys must be mindful that the same rules preventing deceptive conduct in the bricks and mortar world apply online as well.

FTC Again Delays Enforcement of Red Flag Rules; Also Releases Compliance Guidance – Acknowledging public debate about whether Congress intended physicians’ offices and certain other small businesses to be "creditors" within the meaning of the rule, and under criticism from the American Medical Association to revisit the issue, the Federal Trade Commission again suspended enforcement of the Red Flag identity theft rule, which will now become effective August 1, 2009. In the meantime, the FTC has released a compliance guide for low-risk creditors. While still defining "creditors" broadly, the guide makes clear that low-risk entities need only adopt identity theft prevention programs commensurate with the risk.

"Anonymization" of Data Does Not Ensure Privacy – Recently presented research from the University of Texas shows that stripping personal information from data collected on social networks does not eliminate the privacy risk associated with the data. Starting with "anonymized" data sets about individual users, the researchers mapped out the social connections on Twitter and Flickr, enabling them to identify individuals by looking at their networks of friends. The technique does not work every time, but it does challenge the premise of behavioral targeting companies and other online marketers that data can be successfully anonymized to protect personal privacy. If your website’s privacy policy promises not to share personal data, think twice about sharing any information that is stripped of identifiers but is still individual and not aggregated.

Police Need Warrant to use GPS Tracking Device – A split New York Court of Appeals has ruled that placing a GPS device on the defendant’s publicly parked car, tracking the vehicle for over two months, and using the collected data to convict the defendant of burglary was a violation of the state’s warrant requirements. The court found that because there is a socially reasonable expectation of privacy despite advances in technology, the gathered information should have been suppressed at trial.

No Cause of Action for Negligent Investigation – The Supreme Court of New Jersey declined to recognize a claim arising from the alleged negligence of a bank’s certified fraud investigator because the defendant bank did not owe the plaintiff victim of identity theft a duty of reasonable care. An identity thief opened an account at the bank using the victim’s name. The bank’s certified fraud examiner was told by the police department that there was a known ID thief using that name and social security number to defraud other financial institutions. The examiner also had surveillance tapes which he did not compare with photos of the victim. Nevertheless, his investigation resulted in two criminal complaints against the victim, who spent 13 days in jail before his attorney was able to establish that he was the victim of identity theft. The Court granted summary judgment for the defendant bank, holding that New Jersey has no cause of action for negligent investigation.

Even though the content of the above Greenebaum Doll & McDonald e-bulletin is primarily informative, state and federal law obligates us to inform you that this is an advertisement. You have received this advisory because you are a client or friend of the firm.

About Greenebaum Doll & McDonald PLLC
Greenebaum Doll & McDonald PLLC is a widely-respected business law firm with approximately 200 legal professionals in six offices, serving local, national and international clients in virtually every industry. A forward-thinking business law firm, Greenebaum is committed to the practice of Breakthrough Law®.

Copyright 2009 Greenebaum Doll & McDonald PLLC. All Rights Reserved.



Recent Posts




Back to Page