Michelle Visser

Michelle Visser

Ropes & Gray LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Supreme Court’s Spokeo Decision Erects Barriers for Privacy and Data Security Plaintiffs

On May 16, 2016, the United States Supreme Court in Spokeo, Inc. v. Robins confirmed that a “concrete” injury is required of all private parties seeking to assert claims in federal court, even those alleging violations of a...more

5/18/2016 - Article III Class Action FCRA Injury-in-Fact SCOTUS Spokeo v Robins Standing Statutory Damages

First Circuit Decision Increases Risks to Businesses Under VPPA

On April 26, 2016, the First Circuit handed down a plaintiff-friendly Video Privacy Protection Act (“VPPA”) decision offering potentially expansive definitions of “subscriber” and “personally identifiable information.” The...more

5/13/2016 - Mobile Apps Personally Identifiable Information VPPA

Key Data Privacy and Security Concerns for Investment Firms

Privacy and data security concerns are among the most critical issues facing investment funds, advisors and managers (collectively, “investment firms”). This article outlines the privacy and data security challenges...more

5/12/2016 - Cybersecurity FTC HIPAA HITECH Investment Funds OCR Popular SEC Security and Privacy Controls

PCI SSC Releases Version 3.2 of Data Security Standard

On April 28, 2016, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.2. Significantly, the updated standard requires...more

5/5/2016 - Data Security Encryption PCI-DSS Standard SSL

U.S. Supreme Court Affirms Class Certification Based on “Representative Evidence” of Liability and Damages

On March 22, 2016, the Supreme Court of the United States issued a 6-2 opinion in Tyson Foods, Inc. v. Bouaphakeo, affirming the certification of a class based on the “representative evidence” of a statistical sample used to...more

4/4/2016 - Calculation of Damages Class Action Class Certification Class Representatives Doffing Donning Dukes v Wal-Mart FLSA SCOTUS Statistical Sampling Tyson Foods v Bouaphakeo

FTC Launches Study of Assessment Process for Payment Card Industry Data Security Standards

On March 7, the FTC announced a study of Payment Card Industry Data Security Standard (“PCI DSS”) assessments – the audits required of certain merchants pursuant to rules imposed by payment card brands such as Visa and...more

4/1/2016 - Credit Cards Data Security FTC Payment Systems PCI-DSS Standard

Consumer Financial Protection Bureau Brings Its First Data Security Enforcement Action

On March 2, the Consumer Financial Protection Bureau (“CFPB”) issued its first ever consent order in a data security matter. According to the order, Dwolla, Inc. settled allegations that it misrepresented that the company had...more

3/11/2016 - CFPB Consent Order Data Security Dwolla Payment Processors Personally Identifiable Information

FTC’s Proposed Settlement with Dental Practice Software Provider Marks Latest Data Security Action Against a Product Supplier

On January 5, the Federal Trade Commission (“FTC”) reached an agreement with Henry Schein Practice Solutions, Inc. (“HSPS”) to settle allegations that HSPS misrepresented that its dental practice software provided...more

2/8/2016 - Encryption Enforcement Actions FTC HIPAA Personally Identifiable Information Software Developers

The FTC’s Recent Enforcement Action Against Oracle Further Expands the Growing Pool of Potential Data Security Defendants

On December 21, 2015, Oracle Corporation (“Oracle”) reached an agreement with the Federal Trade Commission (“FTC”) to settle charges that it allegedly deceived customers regarding the security provided by updates to its Java...more

1/12/2016 - Consent Order Enforcement Actions FTC Oracle Unfair or Deceptive Trade Practices

Wyndham and FTC Agree to Consent Order Ending Data Security Breach Litigation

On Friday, December 11, 2015, the U.S. District Court for the District of New Jersey entered a consent order between the Federal Trade Commission (“FTC”) and hospitality company Wyndham Hotels and Resorts, LLC (“Wyndham”)...more

12/23/2015 - Consent Order Data Breach FTC FTC v Wyndham LabMD Popular Section 5 Unfair or Deceptive Trade Practices

State Attorneys General Fire Shot Across the Bow at Major Payment Card Brands Over “Chip and PIN” Technology

For well over a decade, U.S. regulators have been taking enforcement action against merchants and payment processors that, in the regulators’ view, failed to take “reasonable and appropriate” steps to secure payment card...more

12/7/2015 - Attorney Generals Banking Sector Chip and PIN Debit and Credit Card Transactions Enforcement Actions Personally Identifiable Information

ALJ Dismisses FTC Data Security Claims Against LabMD Due to Lack of Actual or Likely Substantial Consumer Harm

On November 13, a Federal Trade Commission administrative law judge dismissed the FTC data security complaint against medical laboratory LabMD, potentially vindicating LabMD’s vigorous two-year struggle to deny the FTC’s...more

11/25/2015 - ALJ Data Breach FTC LabMD Section 5

FCC Expands Its Claim of Data Security Authority with Recent Enforcement Action Against Cox Communications

Last week, the Federal Communications Commission (“FCC”) reached a settlement with Cox Communications, Inc. (“Cox”) regarding a 2014 data security breach that allegedly exposed the personal information of at least 54 current...more

11/16/2015 - Consent Decrees Cox Communications Customer Proprietary Network Information (CPNI) Data Breach Enforcement Actions FCC Popular

Nomi FTC Settlement Highlights Risks of Publicizing Company Privacy Policies

A closely divided Federal Trade Commission (“FTC” or the “Commission”) has signaled support for the agency’s recent focus on mobile device privacy. On April 23, 2015, the five-member Commission voted 3-2 to accept a proposed...more

5/21/2015 - Consent Order Corporate Counsel Data Collection FTC Misrepresentation Mobile Privacy Nomi Technologies Opt-Outs Prior Express Consent Privacy Laws Retailers Section 5

PCI SSC Releases Version 3.1 of Data Security Standard

On April 15, 2015, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.1, which contains numerous updates including,...more

5/20/2015 - Cybersecurity Debit and Credit Card Transactions Encryption Payment Processors PCI-DSS Standard

FCC Action Against AT&T Reflects Regulator’s Increasing Focus on Privacy and Data Security

In the wake of the Federal Communications Commission’s (“FCC’s”) first-ever foray last October into fining companies over data security practices, the agency’s Enforcement Bureau Chief, Travis LeBlanc, asserted that the...more

4/24/2015 - AT&T Data Breach Enforcement Actions FCC Open Internet Rules Regulatory Agenda

New York Establishes New Cyber Security Examination Process for Financial Institutions

New York’s Department of Financial Services released a letter on December 10, 2014, announcing the details of its plan to focus more attention on cyber security matters in conducting examinations. Directed at New...more

12/16/2014 - Banks Cybersecurity Data Breach Data Protection Financial Institutions OCIE Popular SEC

California Attorney General Issues Guidance on Do Not Track

In 2013, the California Legislature passed a tracking transparency bill, AB 370, which amended the California Online Privacy Protection Act (“CalOPPA”). AB 370 requires commercial website operators to inform users of how they...more

5/28/2014 - Amended Regulation Attorney Generals Best Management Practices CalOPPA Data Protection Disclosure Requirements Do Not Track FTC Personally Identifiable Information Privacy Policy Websites

Hulu Video Privacy Protection Act Summary Judgment Ruling in the N.D. of California Emphasizes Importance of Knowing What Data...

On Monday, April 28, 2014, the Northern District of California in In Re: Hulu Privacy Litigation, No. 3:11-cv-03764-LB (M.J. Laurel Beeler), issued a summary judgment opinion under the Video Privacy Protection Act (“VPPA”),...more

5/5/2014 - Class Action Data Collection Data-Sharing Facebook Hulu Personally Identifiable Information Privacy Disclosures Third-Party Video Privacy Protection Act

19 Results
|
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×