Privacy & Cybersecurity

On January 17, 2019, Hunton Andrews Kurth’s retail industry team, composed of more than 200 lawyers across practices, released their annual Retail Industry Year in Review publication.

Continue Reading Hunton Andrews Kurth Publishes 2018 Retail Industry Year in Review

In a 2017 interview, Nigel Travis, former CEO of Dunkin’ Brands, stated that “delivery will be the next wave” in the restaurant industry and that it would “be like a revolution,” occurring “faster than anyone thinks.” Travis was not wrong; in fact, recent statistics shared by Melissa Wilson at the 2018 Restaurant Leadership Conference show Travis’ prediction quickly taking hold – 86% of consumers are using off-premise delivery services at least monthly and one third of consumers are using it more than they did a year ago. By some estimates, delivery services are projected to grow at least 12% per year over the next five years. While a handful of restaurants are filling the delivery demand themselves, more and more restaurants are looking to third-party delivery service providers to help them connect with the consumer. In fact, “third-party delivery services like UberEats, Grubhub, and Postmates currently represent $9 billion in restaurant sales today, and they are predicted to account for $16 billion in sales by 2022.”

Continue Reading Restaurants on Wheels

The Federal Trade Commission announced the opening dates of its Hearings on Competition and Consumer Protection in the 21st Century, a series of public hearings that discuss whether broad-based changes in the economy, evolving business practices, new technologies or international developments might require adjustments to competition and consumer protection law, enforcement priorities and policy. The FTC and Georgetown University Law Center will co-sponsor two full-day sessions of hearings on September 13 and 14, 2018, to be held at the Georgetown University Law Center facility.

Panelists at the hearings will consider, among other topics, the regulation of consumer data and whether the U.S. economy has become more concentrated and less competitive. The FTC invites public comment on any of the issues.

More information is available on the FTC’s website.

As reported on Hunton’s Privacy and Information Security Law blog, on June 28, 2018, the Governor of California signed AB 375, the California Consumer Privacy Act of 2018 (the “Act”). The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. We previously reported on the relevant ballot initiative. The Act will take effect January 1, 2020. Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

As reported on Hunton’s Privacy and Information Security Law blog, the FTC has modified its 2017 settlement with Uber after learning of an additional breach that was not taken into consideration during its earlier negotiations with the company. The revised proposed agreement goes beyond the FTC’s original settlement mandating that Uber implement a comprehensive privacy program. The expanded FTC order would require Uber to address software design, development and testing; how the company reviews and responds to third-party security vulnerability reports; and prevention, detection and response to attacks, intrusions or systems failures. Uber also would be required to report to the FTC any episode where it has to notify any U.S. government entity about the unauthorized access of any consumer’s information. Continue Reading FTC Revises Its Security Settlement with Uber

As reported on the Hunton Privacy & Information Security Law Blog, on March 8, 2018, the Ninth Circuit Court of Appeals (“Ninth Circuit”) reversed a decision from the United States District Court for the District of Nevada. The trial court found that one subclass of plaintiffs in In re Zappos.Com, Inc. Customer Data Security Breach Litigation had not sufficiently alleged injury in fact to establish Article III standing. The opinion focused on consumers who did not allege that any fraudulent charges had been made using their identities, despite hackers accessing their names, account numbers, passwords, email addresses, billing and shipping addresses, telephone numbers, and credit and debit card information in a 2012 data breach.  Continue Reading Ninth Circuit Reverses District Court Decision in Zappos Consumer Data Breach Case

On January 18, 2018, Hunton & Williams LLP’s retail industry lawyers, composed of more than 100 lawyers across practices, released their annual Retail Year in Review publication. The Retail Year in Review includes many topics of interest to retailers including blockchain, antitrust enforcement in the Trump Administration, ransomware’s impact on the retail industry, SEC and M&A activity in 2017, cyber insurance, vulnerability to class actions, and the reduced tax rate.

Read the full publication.

On January 8, 2018, the FTC announced an agreement with electronic toy manufacturer, VTech Electronics Limited and its U.S. subsidiary, settling charges that VTech violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from hundreds of thousands of children without providing direct notice or obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected. Under the agreement, VTech will (1) pay a $650,000 civil penalty; (2) implement a comprehensive data security program, subject to independent audits for 20 years; and (3) comply with COPPA. This is the FTC’s first COPPA case involving connected toys and the Internet of Things.

On October 23, 2017, the Federal Trade Commission issued a policy enforcement statement providing additional guidance on the applicability of the Children’s Online Privacy Protection Rule (“COPPA Rule”) to the collection of children’s audio voice recordings. The FTC previously updated the COPPA Rule in 2013, adding voice recordings to the definition of personal information, which led to questions about how the COPPA Rule would be enforced against organizations who collect a child’s voice recording for the sole purpose of issuing a command or request. Continue Reading FTC Issues Policy Statement on COPPA and Voice Recordings

On September 5, 2017, the FTC announced that Lenovo, Inc. (“Lenovo”) agreed to settle charges that its preloaded software on some laptop computers compromised online security protections in order to deliver advertisements to consumers. The settlement agreement (the “Settlement”) is between Lenovo, the FTC and 32 State Attorneys General.  Continue Reading FTC Announces Settlement with Lenovo Regarding Preinstalled Laptop Software