Post on 01-Sep-2020
transcript
www.khlaw.comWashington, D.C. ● Brussels ● San Francisco ● Shanghai
Tracy P. MarshallPartner
Keller and Heckman LLP1001 G Street, N.W.
Washington, DC 20001202-434-4234
marshall@khlaw.com
Practical Tips for Avoiding Privacy Enforcement and Lawsuits
July 14, 2011Sheila A. Millar
PartnerKeller and Heckman LLP
1001 G Street, N.W.Washington, DC 20001
202-434-4143millar@khlaw.com
Douglas J. BehrPartner
Keller and Heckman LLP1001 G Street, N.W.
Washington, DC 20001202-434-4213
behr@khlaw.com
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20112
PresentersSheila A. Millar is a Partner at Keller and Heckman and counsels corporate and association clients on a range of consumer protection regulatory and public policy matters. Ms. Millar advises clients on privacy and security policies and programs, data breach responses, data transfers and cloud computing. She also counsels clients on privacy and regulatory compliance aspects of promotions, social media policies, website terms and online sales. Noted for her expertise on children's issues, Ms. Millar has participated in Federal Trade Commission (FTC) workshops on children's privacy and advertising literacy.
1
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20113
Presenters
Tracy P. Marshall is a Partner at Keller and Heckman LLP. She assists for-profit and non-profit clients with a range of business and regulatory matters. In the Internet, privacy, and advertising areas, Ms. Marshall provides counsel on e-commerce transactions and online promotions, privacy and data security policies and programs, and data breach management.
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20114
Presenters
Douglas Behr practices civil litigation and white collar criminal defense. Mr. Behr represents business, trade associations, and individuals before federal and state trial and appellate courts, regulatory bodies, and licensing forums with a concentration on Lanham Act false advertising, contract disputes, white collar crime defense, product liability, and trade regulation controversies. He also advises members of the business community on litigation avoidance.
2
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20115
Preliminary Word
This presentation provides information about the law. Legal information is not the same as legal advice, which involves the application of law to an individual's specific circumstances. The interpretation and application of the law to an individual’s specific circumstance depend on many factors. This presentation is not intended to provide legal advice. The information provided in this presentation is drawn entirely from public information. The views expressed in this presentation are the authors’ alone and not those of the authors’clients.
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20116
Upcoming Webinars
July 28 -- Toward Privacy by Design: Smart Grid and Other Technologies
3
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20117
The Issues
Privacy related enforcement and litigation is on the riseMany class action suitsMany actions based on data breaches, collection of data related to web browsing activities, unfair or deceptive acts/ practicesMajor settlements have been reachedCases set precedents
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20118
Agenda
Overview of Federal and State LawsFTC and State EnforcementClass Action LawsuitsBest Practices
4
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 20119
OVERVIEW OF RELEVANT LAWS
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201110
Federal Privacy Laws
Electronic Communications Privacy Act (ECPA)Computer Fraud and Abuse Act (CFAA)Video Privacy Protection Act (VPPA)Gramm-Leach-Bliley Act (GLBA)Fair Credit Reporting Act (FCRA); Fair and Accurate Credit Transactions Act of 2003 (FACTA); FTC Red Flags RuleHealth Information Portability and Accountability Act (HIPAA) CAN SPAM ActTelemarketing LawsChildren’s Online Privacy Protection Act (COPPA)FTC Act
5
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201111
State Statutory Claims
Data Breach NotificationData SecuritySocial Security NumbersRecords Destruction“Mini-FTC Acts”State Analogues to ECPA and CFAA
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201112
State Common Law Claims
NegligenceBreach of ContractTrespass to ChattelsInvasion of PrivacyUnjust Enrichment
6
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201113
Who Can Bring an Action
Federal Trade CommissionDepartment of Health and Human ServicesDepartment of JusticeState Attorneys GeneralPrivate Plaintiffs
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201114
Common Remedies
Civil penaltiesInjunctive reliefAttorney’s feesTrainingImplementation of programs (e.g., information security, privacy programs)Periodic audits
7
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201115
FEDERAL AND STATE AGENCY ENFORCEMENT
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201116
FTC OverviewBureau of Consumer Protection Division of Privacy and Identity Protection enforces Section 5 of the FTC Act, FCRA, GLB Act, COPPA, CAN SPAM, Do-Not-Call, etc.
In the last 15 years, the FTC has brought• 97 CAN SPAM cases ($5.7 million in civil penalties)• 86 FCRA cases ($21 million in civil penalties)• 64 Do-Not-Call cases ($60 million in civil penalties)• 34 data security cases• 16 COPPA cases ($6.2 million in civil penalties)• 15 spyware (or nuisance adware) cases
Where the FTC does not have authority to seek civil penalties (e.g., for data security and spyware violations), it has sought authority from Congress
8
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201117
FTC Act
Section 5 governs unfair and deceptive acts/ practicesActions for violations of privacy or security “promises” (e.g., statements in online privacy policies)Actions for breaches of data security under unfairness authorityFTC enforcement activities sometimes coordinated with state Attorneys General acting under their “little FTC” acts
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201118
FTC Complaint: Ceridian Corporation, FTC Docket No. C-4325
Customers enter employees’ PI on Powerpay website to compute payroll amounts and process payroll checks and direct deposits
Claims on website: “Our comprehensive security program is designed in accordance with ISO 27000 series standards, industry best practices and federal, state and local regulatory requirements”
Contract covenants: “[Ceridian] shall use the same degree of care as it uses to protect its own confidential information of like nature, but no less than a reasonable degree of care, to maintain in confidence the confidential information of the [customer]”
Ceridian failed to provide reasonable and appropriate security for PI
Hackers initiated SQL injection attack and exported information of at least 28,000 individuals, including bank account numbers, SSNs, and DOBs
The acts and practices constitute unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act
9
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201119
Ceridian’s Failure to Provide Reasonable and Appropriate Security for PI
Stored PI in clear, readable textStored PI indefinitely without a business needDid not adequately assess the vulnerability of web applications and network to commonlyknown or reasonably foreseeable attacks, such as SQL attacksDid not implement readily available, free or low-cost defenses to such attacksFailed to employ reasonable measures to detect and prevent unauthorized access to PI
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201120
FTC Complaint: Lookout Services, Inc., FTC Docket No. C-4326
I-9 Solution web-based computer product collects and stores information from or about its customers’ employees
Statements in marketing materials: “your data will be encoded and transmitted over secured lines to Lookout Services server. This FTP interface will protect your data from interception, as well as, keep the data secure from unauthorized access.”
Lookout failed to provide reasonable and appropriate security for PI
Weak authentication practices and web application vulnerabilities enabled a customer’s employee to gain access to PI for > 37,000 consumers
10
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201121
Lookout’s Failure to Provide Reasonable and Appropriate Security for PI
Failed to establish or enforce rules sufficient to make user IDs and passwords hard to guess
Failed to require periodic changes of user credentials, e.g., every 90 days, forcustomers and employees with access to sensitive personal information
Failed to suspend user credentials after a number of unsuccessful login attempts
Did not adequately assess and address the vulnerability of the web application to widely-known security flaws
Allowed users to bypass authentication procedures on website when they typed in a specific URL
Failed to detect and prevent unauthorized access to computer networks, e.g., by employing an intrusion detection system and monitoring system logs
Created an unnecessary risk to PI by storing passwords used to access the I-9 database in clear text
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201122
FTC Complaint: Twitter, Inc., FTC Docket No. C-4316
Most employees authorized to exercise administrative control of the system, including the ability to reset passwords, view nonpublic tweets and nonpublic user information, and send tweets on behalf of a user
Employees entered administrative credentials into the same webpage where users logged in
Employees instructed to use personal email account for company business, and emails from Twitter employees displayed the employee’s personal email address
Twitter privacy policy: “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.”
Twitter failed to prevent unauthorized control of the system
11
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201123
Twitter’s Failure to Prevent Unauthorized Administrative Control of the System
Twitter failed to• Require use of hard-to-guess administrative passwords not used
for other programs, websites, or networks
• Prohibit employees from storing passwords in plain text within personal e-mail accounts
• Suspend or disable administrative passwords after a number of unsuccessful login attempts
• Provide administrative login webpage for authorized persons separate from login page for users
• Enforce periodic changes of administrative passwords
• Restrict access to administrative controls to employees whose jobs required it
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201124
FTC Complaint: Google, Inc., FTC File No. 102 3136
Draft Complaint and Consent Order
Gmail Privacy Policy: “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose forwhich it was collected, then we will ask for your consent prior tosuch use.”
Company used information collected from Gmail users to generate and populate Google Buzz social network without obtaining prior consent, in contravention of Google’s privacy policy
Google maintained a U.S.-EU Safe Harbor self-certification, but did not adhere to the Safe Harbor Principles of Notice and Choice
12
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201125
Ceridian, Lookout, Twitter, and GoogleFTC Consent Orders
Do not misrepresent the extent to which the company maintains and protects the privacy, confidentiality, or integrity of PI
Establish, implement, and maintain a comprehensive written information security program
• Designate employees• Identify risks to PI• Design and implement reasonable
safeguards to control the risks • Regularly test or monitor the
effectiveness of the safeguards• Select service providers capable of
safeguarding PI and require service providers by contract to implement and maintain appropriate safeguards
• Evaluate and adjust the program as necessary
Obtain independent, third party security audits
• Set forth administrative, technical, and physical safeguards
• Explain how the safeguards are appropriate to the company’s size andcomplexity, nature and scope of activities, and sensitivity of PI
• Explain how the safeguards meet or exceed the protections required
• Certify that the company’s security program is effective to provide reasonable assurance that PI is protected
Ceridian, Lookout, and Google: Every 2 years for 20 years
Twitter: Every 2 years for 10 years
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201126
Additional Terms in Google Consent Order
Prior to any new/ additional sharing of a user’s information with a third party that is different from practices in effect at the time the information was collected, Google must disclose:• That the user’s information will be disclosed to one or more third parties• Identity or specific categories of third parties• Purpose(s) for sharing, and Google must obtain express affirmative
consent to sharing
Google must not misrepresent its affiliation with the U.S.-EU Safe Harbor Framework or any other compliance program sponsored by the government or athird party
13
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201127
HHS HIPAA Enforcement: Cignet
Investigation by HHS Office for Civil Rights (OCR) for HIPPA violations
Cignet denied 41 patients access to their medical records upon request, and patients filed complaints with OCR, initiating investigations
Cignet refused to respond to OCR’s demands to produce records and failed to cooperate with OCR’s investigations
OCR filed petition to enforce subpoena in U.S. District Court and obtained a default judgment; Cignet produced the records, but made no effort to resolve the complaints informally
Notice of Final Determination: $4.3 million penalty (February 2011)• $1.3 million for violation of HIPAA Privacy Rule• $3 million for failure to cooperate with OCR/ willful neglect to comply with Privacy Rule• Penalty is the first issued by HHS for HIPAA Privacy Rule violations
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201128
Joint HHS/FTC Enforcement: Rite Aid Corporation
Joint investigation by HHS OCR (violations of HIPPA Privacy Rule) and FTC (violations of Section 5 of the FTC Act)
Pharmacies disposed of prescriptions and labeled pill bottles containing individuals’protected health information in trash bins accessible to the public
HHS Resolution Agreement (June 2010)• Physical and administrative safeguards not adequately designed to appropriate and
reasonably safeguard the PHI• No training or sanctions policy for employees who failed to comply• Each RAC entity must pay $1 million and implement a corrective action program for 3 years
FTC Complaint (November 2010)• RAC failed to implement policies and procedures to dispose securely of PI, adequately train
employees, assess compliance with its policies and procedures, and employ a reasonable process for discovering and remedying risks to PI
• RAC made falsely represented that it implemented reasonable and appropriate measures to protect PI and failed to employ reasonable and appropriate security measures
• Practice is an unfair or deceptive act or practice, in violation of Section 5(a) of the FTC Act
FTC Consent Order (November 2010)• Same terms as Ceridian and Lookout
14
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201129
MA Data Breach Settlement
First enforcement of MA data security regulations
Attorney General settlement with the Briar Group, LLC over breach of credit card information for tens of thousands of consumers
Hackers accessed the Briar Group’s computer systems in April 2009 and misappropriated data; malcode not removed until December 2009
Settlement Terms• Pay $110,000 in civil penalties• Comply with MA data security regulations• Comply with Payment Card Industry Data Security Standards• Establish and maintain an enhanced network security system
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201130
IN Data Breach Settlement
Attorney General settlement with WellPoint Inc. over company’s failure to notify customers and the AG’s office “without unreasonable delay” following a data breach affecting > 32,000 residents
Applications for insurance policies containing SSNs, financial information and health records were accessible through an unsecured website for at least 137 days
WellPoint was notified in February 2010 and March 2010 that records were accessible, but did not notify customers until June 2010
Settlement Terms• Pay $100,000 to State for Consumer Assistance Fund• Comply with IN security breach law• Admit the breach and failure to properly notify • Provide up to 2 years of credit monitoring and identity theft protection services to
affected consumers• Reimburse consumers up to $50,000 for any ID theft losses due to the breach
15
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201131
Responding to an Agency Action
Similar processes for federal agencies and state Attorneys GeneralInstitute a litigation holdOpen dialogue immediatelyGet the factsRespond promptlyForm alliances, where appropriate and availableRecognize failings
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201132
CLASS ACTION LAWSUITS
16
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201133
Common Causes of Action
Use of cookies, flash cookies, and other technologies to track online consumer behavior• Alleged violations of CFAA, ECPA, VPPA,
state computer crime laws, state invasion of privacy laws, unjust enrichment
Data breaches• Alleged breach of warranty, breach of
contract, negligence, and violations of state security requirements
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201134
Major Class Action Settlements
Clearspring and Quantcast• Alleged violations of CFAA, ECPA, VPPA, CA computer crime law, CA
Invasion of Privacy Act, unjust enrichment• $2.4 million
– Paid to non-profit organizations dedicated to promoting consumer privacy awareness
Facebook Beacon• Alleged violations of CFAA, ECPA, VPPA, CA computer crime law• $9.5 million
– Lawyers received about 30%– Remainder deposited in online privacy fund
Google Buzz• Alleged violations of CFAA• $8.5 million
– Lawyers received about 30% – Remainder deposited in online privacy fund
17
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201135
Flash Cookies: Clearspring and Quantcast
In Re Clearspring Flash Cookie Litigation, No. cv-05948; In Re Quantcast Advertising Cookie Litigation, No. cv-05484
$2.4 million settlement reached in December 2010
Class action brought against Quantcast and Clearspring and their “flash cookie affiliates”(publishers)
Companies stored flash cookies on users’ computers to collect information from and about them
In some cases, if users deleted third party cookies, the companies used information stored in flash cookies to “respawn” the information stored in the deleted cookies
Companies must refrain from using flash cookies to• Respawn browser cookies• Serve as an alternative to browser cookies for tracking user activities unrelated to the delivery of
content through the Flash Player without adequate disclosure• Otherwise counteract a user's decision to delete previously created HTTP cookies
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201136
La Court v. Specific Media, Inc.
Case No. cv-10-1256 (C.D. Cal. 2010)Similar to Quantcast and ClearspringComplaint alleged that Specific Media violated consumer privacy by using flash cookies to capture online behavioral informationCourt granted Motion to Dismiss in April 2011• Plaintiffs did not have standing to sue because they
did not allege or show actual injury
18
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201137
History Sniffing
Several lawsuits filed in 2010 against InterClick, McDonald’s, adult websites and othersPitner et. al. v. Midstream Media Int’l, N.V., No. 8:10-cv-01850 (C.D. Cal. Dec. 6, 2010) • California residents filed suit against the adult website, YouPorn,
alleging that the website violated cybercrime and consumer-protection laws by using technology to harvest information aboutwhat websites users had visited
Bose v. InterClick, Inc., 10 CV 9183 (S.D.N.Y.)• Suit alleges that InterClick invaded Plaintiff's privacy,
misappropriated her personal information, and interfered with the operability of her computer when using Flash cookies and history-sniffing techniques to stop her attempts to prevent online tracking
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201138
Issues and Possible DefensesExamine how flash cookies and data obtained through the use of flash cookies is used by the company and third party service providers
Confirm the data being collected, by whom and for what purpose, how it remains anonymous, whether there is any linkage with personal information, and applicable retention periods
Describe use of cookies and other technologies to collect data in website privacy policy so that users are on notice and could be deemed to have consented based on the privacy policy
Plaintiffs must have legal standing to sue, i.e., a sufficient “injury-in-fact”
Certain laws, such as CFAA and computer trespass statutes, require damages (e.g., lost profits)
• New developing arguments, such as individuals’ property rights in their personal data, are designed to overcome this problem
No “unjust enrichment” if flash cookies are used to collect data, especially if data is not shared with third parties or used for any commercial purpose
19
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201139
Dispute Resolution
Address dispute resolution in website terms and conditions • Require arbitration of disputes• Limit right to individual disputes/ bar class
actionsAT&T Mobility LLC v. Concepcion, 563 U. S. ____ (April 27, 2011)• U.S. Supreme Court upheld AT&T’s contract
clause prohibiting class-wide arbitration
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201140
Anatomy of Two Data Breaches: Epsilon and Sony
April 1, 2011 – Epsilon data breach• Acquisition of names and email addresses for > 60 million of Epsilon business
clients’ customersApril 6, 2011 – Epsilon notified consumers of breachApril 19, 2011 – Sony Playstation data breach• Acquisition of names, email addresses, addresses, passwords, and birthdates
of > 77 million consumersApril 26, 2011 - Sony notified consumers of breachApril 27, 2011 – First class action lawsuit filed against SonyMay 2, 2011 – Another data breach affecting Sony Online Entertainment• Acquisition of names, addresses, email addresses, birth dates, passwords,
and logins for > 30 million consumersMay 4, 2011 – House Subcommittee on Commerce, Manufacturing, and Trade hearing on “The Threat of Data Theft to American Consumers.”June 2, 2011 – House Subcommittee on Commerce, Manufacturing, and Trade hearing on “Sony and Epsilon: Lessons for Data Security Legislation”
20
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201141
Sony Data Breach LawsuitsFirst lawsuit filed 1 day after notice of breach; dozens of lawsuits filed in U.S. federal courts
• Alleged that Sony failed to take reasonable care to protect, encrypt, and secure data and delayed breach notifications to consumers
• Claims for breach of warranty, breach of contract, negligence, and violations of state security requirements
• Seeking monetary compensation, equitable relief (replacement and/or recall of defective PlayStation consoles), attorney’s fees
• Seeking class action status
Cortorreal et al v. Sony Corporation Inc. et al, No. 11-1369 (S.D.Cal. June 20, 2011)
• Alleged that Sony laid off several employees in network security unit just weeks before the breach and that the company protected corporate data, but not consumer data
• Alleged violations of CA Consumer Legal Remedies Act and Unfair Competition Law, ECPA, negligence, breach of contract, breach of fiduciary duty
• Seeking monetary compensation, equitable relief, credit monitoring, attorney’s fees
• Seeking class action status
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201142
ImplicationsSeveral federal data breach notification laws introducedFTC supports federal lawMajor issues
– Data security measures– Timing of notifications– Federal preemption– Privacy right of action
21
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201143
Best Practices
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201144
FTC Guidance
A Preliminary FTC Staff Report on Protecting Consumer Privacy inan Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (Dec. 1, 2010)• Build in Privacy by Design• Give consumers choice• Be transparent about practices • Educate consumers about privacy
Protecting Personal Information: A Guide For Business• Take stock: Know what personal information you have in your files
and on your computers• Scale down: Keep only what you need for your business• Lock it: Protect the information • Pitch it: Properly dispose of what you no longer need• Plan ahead: Create a data breach response plan
22
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201145
“Know, Say, Do” Approach
Know what you do• Know what information is collected, through what
technologies, and how it is used• Determine whether the data is personal/ non-
personal; linkage to personal data; necessity of the information
Say what you do• Review and update privacy polices
Do what you say• Periodic reviews essential to make sure that new
technologies, marketing initiatives do not involve data collection or practices that violate policies
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201146
Compliance Tools
Adopt written plansBuild privacy and security awarenessUse checklistsPerform audits (internal/external)Review and update privacy policiesDetermine root cause, take corrective actions in response to breachMonitor enforcement actions, litigation to benchmark your practicesUpdate your plan
23
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201147
Agencies and Service Providers
Review third party’s data security practices and compare with company’sBuild requirements into contracts• Implement and maintain appropriate privacy
and security measures• Require notification in the event of any
contractor incident
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201148
Be Proactive!
Maintaining a proactive stance on privacy and security will protect your reputation and save money in the long termInstitute a litigation holdLaunch a factual investigationArrange for expertsReview contracts with suppliers and look for indemnification provisionsReview insurance policies for coverageAnticipate costs
24
www.khlaw.comWashington, D.C. ● Brussels ● San Francisco ● Shanghai
Questions?
│ www.khlaw.com │ KELLER AND HECKMAN LLP Copyright © 201150
Upcoming Webinars
July 28 -- Toward Privacy by Design: Smart Grid and Other Technologies
All webinars will be held from 11:00 a.m. – 12:30 p.m. ET
25
www.khlaw.comWashington, D.C. ● Brussels ● San Francisco ● Shanghai
Thank you!
Tracy P. MarshallPartner
Keller and Heckman LLP1001 G Street, N.W.
Washington, DC 20001202-434-4234
marshall@khlaw.com
Sheila A. MillarPartner
Keller and Heckman LLP1001 G Street, N.W.
Washington, DC 20001202-434-4143
millar@khlaw.com
Douglas J. BehrPartner
Keller and Heckman LLP1001 G Street, N.W.
Washington, DC 20001202-434-4213
behr@khlaw.com
26