Jun 72018

Sidley Updates Bloomberg Portfolio on FTC Enforcement of Privacy & Data Security

Clayton G. Northouse, Edward R. McNicholas, Dean C. Forbes and Andrew J. Strenio, Jr.
, , , , , ,

Sidley Austin has recently updated its “FTC Enforcement of Privacy & Data Security,” which has been published as part of Bloomberg Law’s Privacy & Data Security Practice Portfolio, Portfolio No. 500, available here.

This updated and enhanced portfolio explains the enforcement authorities, powers, and limitations of the Federal Trade Commission (FTC), and its ever-evolving role as the de facto United States privacy and information security regulator in many sectors. It explains how the FTC uses its general authority under Section 5 of the FTC Act to regulate the collection, use, sharing, and security of personal information of U.S. consumers.   The Portfolio also notes the agency’s efforts to expand its mandate to include employees, as well as its role in protecting Europeans whose personal information is transferred to the U.S. via the U.S.-EU Privacy Shield Framework and other cross-border responsibilities.

The FTC has brought dozens of actions against companies alleging unfair or deceptive practices concerning the privacy and/or information security of consumers’ personal information. This includes now more than 50 general privacy cases, over 60 information security cases, and over 130 spam and spyware cases. Although the FTC closes many investigations without sanction, in many cases these actions have resulted in 20-year consent orders for companies that require their regular reporting to the FTC as well as implementation of comprehensive privacy and/or information security programs.  The portfolio updates readers on the impact of recent FTC privacy and security enforcement actions and business education guidance.

We are particularly glad to note the addition of FTC-alum Dean Forbes to the revisions of the portfolio.  Dean was a key FTC staff attorney on several of its early privacy cases, and he joins former FTC Commissioner Andy Strenio in providing fresh insights into this complex topic.

Questions about the portfolio may be directed to its authors, who are listed below and may be directly contacted via email:

Edward McNicholas (emcnicholas@sidley.com)

Andrew Strenio (astrenio@sidley.com)

Clayton Northouse (cnorthouse@sidley.com)

Dean Forbes (dforbes@sidley.com)

Clayton G. Northouse

cnorthouse@sidley.com

Edward R. McNicholas

emcnicholas@sidley.com

Dean C. Forbes

dforbes@sidley.com

Andrew J. Strenio, Jr.

astrenio@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

U.S. Employers Need to Reconsider Use of Confidentiality and Nondisparagement Provisions in Light of New NLRB Decision

Employers frequently seek to include confidentiality and nondisparagement provisions in severance agreements provided to departing employees. Last week, the U.S. National Labor Relations Board (NLRB or Board) significantly altered the legal landscape governing such provisions, making it much more difficult for unionized and nonunionized employers alike to use them for nonsupervisory employees without running afoul of the National Labor Relations Act (NLRA). The decision is likely to be appealed, and we will issue updates as they become appropriate. In the interim, however, it is critically important for employers to understand the implications of the decision (see below) and to adjust their use of these provisions to limit their risk.

New FTC Guidance for Mobile Health Apps

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as information related to diagnosis, treatment, fitness, wellness, or addiction. While the tool should not be considered legal advice and cannot guarantee compliance with legal requirements, it can help healthcare providers, health plans, and technology companies issue-spot to manage risk in this heavily regulated space.