With international trade rarely making the news in this era of stable foreign relations and respectful international dialogue, you can be forgiven if you are unaware that Canada has entered several trade agreements that require it to protect trade secrets. But can Canada be forgiven for never actually enacting trade secret legislation? Maybe we can because of Canada’s substitute: the common law action for “breach of confidence”.

Insolvent companies often hold a large volume of personal data, such as customer lists or user data. Who is responsible for this information? Recently, the Irish High Court decided a case concerning the transfer of patient records from a private hospital in liquidation.

In the matter of Bernard L Madoff Investment Securities LLC [2009] EWHC 442 (Ch), Mr Justice Lewison granted an application for the transfer of personal data in the possession of the joint provisional liquidators of a UK subsidiary to the trustee in bankruptcy of its parent company in the US, Bernard L Madoff Investment Securities LLC. The application was granted on the basis that it was necessary for reasons of substantial public interest.

David Vladeck, Director of the FTC’s Bureau of Consumer Protection, recently sent a letter to creditors of XY Magazine, warning that the creditors’ acquisition of personal information about the debtor’s subscribers and readers in contravention of the debtor’s privacy promises could violate the Federal Trade Commission Act (“FTC Act”).

The Federal Trade Commission has had a full mailbox recently. It received a request to investigate caffeine-infused malt beverages and a request for a new privacy law. And the FTC sent a cautionary letter to a magazine addressing privacy issues in a consumer bankruptcy.

Expect the unexpected from your Web site privacy policy. In a handful of cases, including two which were recently decided, companies have been thwarted in various, unexpected ways by the commitments made in their online privacy policies.

Are your intellectual property litigators reading your privacy policy?

After receiving a letter from David Vladeck, the Director of the Bureau of Consumer Affairs at the Federal Trade Commission, a bankruptcy judge allowed the destruction of personal information of gay teens who subscribed to the now defunct XY magazine.

The judge presiding over the bankruptcy proceeding of the operator of a Web site and magazine aimed at gay teens has approved a settlement allowing the destruction of personal information of users rather than a sale to creditors as part of the bankruptcy estate. The court approved the settlement after the Federal Trade Commission raised objections to the sale, citing the Web site sign-up confirmation page, which stated that "[w]e never give your info to anybody," and a similar statement directed to subscribers of an associated print magazine.

Perhaps prompted by revelations that one or more Connecticut-based insurers failed to notify individuals or report known data security incidents or breaches until weeks, or even months, after the data had been lost or stolen, the state's Insurance Commissioner has issued stringent new reporting obligations applicable to all entities regulated by the Connecticut Department of Insurance (CDI), including, for example, insurers, agents, brokers, adjusters, health maintenance organizations, preferred provider networks, discount health plans and certain consultants and utilization review companie

This blog series has been following the continuing flow of large security breaches of Protected Health Information (“PHI”) and how affected providers and insurers have been responding to their discovery. The New York City Health and Hospitals Corporation’s North Bronx Healthcare Network (“HHC”) has recently become perhaps the largest marcher in the parade of PHI security breaches with a reported 1,700,000 persons affected.