Today, in a 5-4 decision, the US Supreme Court ruled that the government’s acquisition of information regarding an individual’s location based on a cell phone record amounts to a Fourth Amendment search and generally requires a warrant.  In Carpenter v. United States, the government obtained nearly 13,000 location points on Carpenter’s movements over a

In March of this year, we told you that the D.C. Circuit Court of Appeals issued a decision in ACA Int’l. v. FCC, wherein the court set aside two FCC interpretations of the Telephone Consumer Protection Act, or TCPA. Specifically, the court ruled that the FCC’s interpretation as to what constitutes an autodialer under the TCPA was unreasonably expansive, and that the FCC’s treatment of reassigned numbers was also overly broad.

On May 22, the United States District Court for the Northern District of Georgia, Atlanta Division, issued a decision further restricting the scope of the TCPA. By way of reminder, the Congress passed the TCPA in 1991 in an effort to curb robo calls.  The case involved calls made by a debt collector to a former Comcast customer.  She sued, claiming that the calls were impermissible under the TCPA.  An essential aspect of the TCPA claim at issue was that the call must be made through the use of an “automatic telephone dialing system”, or ATDS, as defined in the statute.
Continue Reading District Court Gives Narrow, Reasonable Scope to TCPA

In August, 2017, the Federal Trade Commission (“FTC”) proposed a settlement agreement with Uber stemming from its investigation of a 2014 data breach due to Uber’s “unreasonable security practices”. The lengthy investigation found that Uber’s employees were accessing customer’s personal information, and that there were security lapses in Uber’s third-party cloud storage service. That settlement agreement required Uber to implement a “comprehensive privacy program”; however, the agreement was withdrawn by the FTC and amended recently. Why, you ask? Uber experienced a second data breach in 2016, while the investigation from the 2014 breach was well underway. The 2016 breach was a result of those same security lapses in the third-party cloud storage service and Uber waited over one year to report that second breach. Uber’s handling of the second breach continued its trail of misconduct, clearly demonstrating that the company had not learned its lesson.
Continue Reading Uber Goes 0-2 in Data Breach Notifications

In a report released on April 5, 2018, the Government Accountability Office (GAO) concluded that the Centers for Medicare and Medicaid Services (CMS) has not done enough to adequately protect the electronic data of Medicare beneficiaries.  There are over 59 million Medicare beneficiaries and beneficiary information contains some of the most sensitive personal information, making it very attractive to criminals.  Therefore, CMS’s protection of that data is critically important.
Continue Reading GAO Says CMS Must Do More to Protect Medicare Info

On March 16, a year and a half after hearing oral argument, the D.C. Circuit Court of Appeals issued a long-awaited decision overturning two of the Federal Communications Commission’s (FCC) far-reaching interpretations of the Telephone Consumer Protection Act of 1991 (TCPA). A number of regulated entities filed an action against the FCC challenging several of the FCC’s conclusions in a 2015 order related to cell phones. 
Continue Reading D.C. Circuit Reins in FCC’s Overbroad TCPA Interpretations