Rule

On September 15, the Federal Trade Commission released the changes it is proposing to make to the Children’s Online Privacy Protection Rule (required by the Children’s Online Privacy Protection Act, or COPPA).  The Rule has been in effect since 2000.  To address technological developments in the last decade, the FTC is recommending a number of changes to the definitions and required procedures for compliance.

The Florida Supreme Court has amended its state court rules and forms to "minimize the amount of unnecessary personal information included in documents filed with the courts" as a "necessary step in the Court's ongoing effort to provide the public with electronic access to non-confidential court records."   In Re: Implementation of Committee on Privacy and Court Records Recommendation [PDF].  The "linchpin" of the amendments was the new Rule of Judicial Administration Rule 2.425--the "Minimization of the Filing of Sensitive Information"--that governs the filing of sensitive personal information with the court and requires "both attorneys and pro se litigants [to] be vigilant to file only authorized documents."  The new rules provide for sanctions for violations, but the court noted that "continual education and a change in mindset for all those involved in the litigation process are necessary for these rules to work as intended."

On December 18, 2010, President Obama signed the Red Flag Program Clarification Act of 2010. Effective immediately, the act changes the definition of the word “creditor” in the FTC Red Flags Rule to exclude most professionals that take payment after rendering services.

The Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 CMR 17.00, go into effect today, March 1, 2010.  The regulations impose strict data security requirements on every business that owns or licenses “personal information” about a resident of Massachusetts, regardless of where the business is located or does business.

The Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 CMR 17.00, go into effect today, March 1, 2010. The regulations impose strict data security requirements on every business that owns or licenses “personal information” about a resident of Massachusetts, regardless of where the business is located or does business.

On Friday, October 30, 2009, the FTC announced that it was delaying enforcement of its Red Flags Rule until June 1, 2010.

Today, the Massachusetts Office of Consumer Affairs and Business Regulation ("OCABR") filed its final amendments to the state's data security regulations, which impose specific requirements on entities for safeguarding the personal information of Massachusetts residents. The OCABR will make its amendments public next Monday, but has already stated that it didn't make any major changes and only clarified language regarding contracts between persons who own or license personal information and third-party service providers. The updated regulations are scheduled to take effect on March 1, 2010.

The Massachusetts Office of Consumer Affairs and Business Regulation announced amendments yesterday to its identity theft regulations, including an extension of the compliance deadline to March 1, 2010.

On Wednesday, July 29, 2009, the FTC extended the enforcement deadline for the Red Flags Rule until November 1, 2009.

The FTC has created a template to help "low risk" entities comply with the new Red Flags rules. "Low risk" entities are  those whose business practices are such that it would be hard to use a false identity, such as working with customers known to the employees personally or providing services at customers' homes.