Category

FTC

23 August 2017

FTC Uber Settlement Mandates a Comprehensive Privacy Program, Sheds Light on “Reasonable Data Security” Expectations, and Underscores Importance of Insider Threat Prevention

On August 15, the FTC announced that it had reached an agreement with Uber to settle allegations that the company had made deceptive claims about its privacy and data security practices. The FTC’s settlement with Uber has important implications for privacy and data security measures that companies could take, and the representations they and their employees make in these areas. It also shed greater light on what the FTC means by “reasonable data security” measures that companies should implement, and underscores the importance of maintaining a robust insider threat prevention program. (more…)

SHARE
EmailPrintShare
01 May 2017

Timothy J. Muris Joins Sidley in Washington, D.C.

Washington, D.C. – Sidley Austin LLP is pleased to announce that Timothy J. Muris has joined the firm as senior counsel in its Antitrust/Competition practice. Mr. Muris, a former chairman of the Federal Trade Commission (FTC), has substantial experience in every aspect of antitrust enforcement as well as in key consumer protection issues, including advertising, consumer finance and privacy regulation.

(more…)

SHARE
EmailPrintShare
04 April 2017

A Farewell to the FCC Broadband Privacy Rules

On April 3, 2017, President Trump signed the bill repealing the Federal Communications Commission’s much-debated broadband privacy rules. The House of Representatives voted 215–205 to disapprove the rules, after a party-line Senate vote of 50–48. The result is that the FCC’s key rules governing internet service providers’ collection and use of consumer data, as well as data security, will not go into effect as scheduled. Moreover, the FCC will be precluded from promulgating any regulation in “substantially the same” form until a future Congress allows such action.

(more…)

SHARE
EmailPrintShare
22 November 2016

Federal Court Grants LabMD’s Motion to Stay Enforcement of FTC’s Final Order

The U.S. Court of Appeals for the Eleventh Circuit has ordered the FTC to halt enforcement of its data security order against LabMD while LabMD challenges the action.

To recap the events leading up to this stay, a data security company allegedly obtained sensitive data from LabMD via a peer-to-peer file-sharing program.  Allegedly, after LabMD refused to purchase the company’s security products, it reported the alleged data security vulnerability to the FTC. The FTC accused LabMD of unfair practices in failing to provide reasonable and appropriate security for customers’ personal information, which was allegedly likely to cause harm to customers. In 2015, an Administrative Law Judge dismissed the case, finding that the FTC failed to prove LabMD’s practices were likely to cause substantial customer injury. In July 2016, upon appeal to the full Commission, the FTC reversed the ALJ decision. Although LabMD stopped operating in 2014, the FTC nevertheless ordered LabMD to implement several information security compliance measures because the Lab still maintains medical records. LabMD appealed to the Eleventh Circuit and filed a motion to stay the FTC’s order.

(more…)

SHARE
EmailPrintShare
16 September 2016

FTC Expounds on NIST Cybersecurity Framework; Invites Comment on GLBA Safeguards Rule

On August 31, 2016, the Federal Trade Commission published “The NIST Cybersecurity Framework and the FTC” on its blog. The post describes how, in many ways, the FTC’s enforcement actions are “aligned” with the NIST Cybersecurity Framework and that many of the Commission’s enforcement actions can be analyzed under the Framework’s five core principles. The post also makes plain, however, that a company’s compliance with the Framework is not necessarily required, nor is adoption of the Framework clearly sufficient to satisfy the Commission’s requirement that companies establish “reasonable” cybersecurity practices. (more…)

SHARE
EmailPrintShare
24 June 2016

FTC Hosts Fourth Start with Security Event in Chicago

The Federal Trade Commission hosted its fourth Start with Security event in Chicago, IL on June 15, 2016. This event was the latest installment of the Start with Security business education initiative launched last summer to engage in proactive outreach with the business community on information security standards and FTC expectations at a time when the FTC’s authority to reactively regulate data security was being challenged in federal court.  In addition to the Start with Security events, the FTC also responded by synthesizing their 50+ data security settlements into “10 practical lessons” to guide companies looking to proactively comply with FTC data security expectations.

(more…)

SHARE
EmailPrintShare
26 May 2016

The New Privacy Cop Patrolling the Internet

*This piece originally appeared in Fortune Magazine on May 10, 2016.

As our online footprints grow in size and scope, it is more important than ever for Internet companies to protect us against hackers and disclose how they use our personal data. The Federal Trade Commission was long the main privacy cop enforcing these essential consumer protections. But last year, the FTC’s sister agency—the Federal Communications Commission—reclassified broadband ISPs as common carriers outside the FTC’s jurisdiction. Unless the courts reverse that decision, there are now two privacy cops on the Internet beat. The FCC polices ISPs like Verizon, Charter, and Sprint, while the FTC continues policing everyone else, from Google and Facebook to Apple and Amazon.

(more…)

SHARE
EmailPrintShare
25 May 2016

FTC Bans Payment Methods Under Its Telemarketing Sales Rule

*This article originally appeared in the FinTech Law Report, Volume 19, Issue 2 for March/April 2016.

On November 18, 2015, the Federal Trade Commission (FTC) issued final amendments to the Telemarketing Sales Rule (TSR) banning payment methods that the FTC believes are disproportionately used by scammers (Final Rule). The Final Rule was published in the Federal Register on December 14, 2015.

(more…)

SHARE
EmailPrintShare
06 May 2016

District Court Rules for the FTC in “Unfairness” Action Against Amazon Regarding In-app Purchasing Controls

On April 26, the US District Court in Seattle granted the FTC’s motion for summary judgment against Amazon for providing allegedly inadequate parental controls to limit their children’s in-app purchases. Case No. C14-1038-JCC.  The FTC alleged that the company’s failure to require more robust password re-entry meant that many in-app purchases by children resulted in unauthorized charges to the parents.

(more…)

SHARE
EmailPrintShare
12 January 2016

FTC Issues Report (and Warning Shot) on Big Data Use

Building upon its 2012 Consumer Protection Report, its 2014 report on Data Brokers, and a public workshop held on September 15, 2014, the FTC issued a new report on January 6, 2016, with recommendations to businesses on the growing use of big data:  Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues (“2016 Big Data Report”).  Rather than focusing on prior themes of notice, choice, and security, the 2016 Big Data Report addresses only the commercial use of big data consisting of consumer information, and focuses on impacts of such big data uses on low-income and underserved populations.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator