Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: enforcement

Posted in Consumer Privacy, News & Events

Upcoming DC Program Explores Where We Are Headed with Section 5 of the FTC Act

Data privacy and security regulators don’t always agree. Take a look at the Federal Trade Commission for example. In recent years, FTC commissioners have disagreed about the role that cost-benefit analyses should play and the types of consumer harms that should be considered in the FTC’s data privacy and security enforcement actions. For organizations that rely on the collection and use of consumer information, understanding the different viewpoints at the FTC and how those viewpoints may influence future enforcement is vital to evaluating risk. On Thursday, November 5, 2015, the Future of Privacy Forum will look at those issues as it celebrates its new home and its new partnership with Washington & Lee University School Law by hosting a panel discussion addressing the Future of Section 5 of the FTC Act. Panelists David Vladeck (former FTC Consumer Bureau Director David Vladeck) and James Cooper (former Acting Director of the Office of Policy Planning) will look at key Section 5 issues.

Posted in International/EU Privacy

Recap on the ICO Stance on Data Security

The UK’s Information Commissioner’s Office is known to prefer an “engaging” rather than an enforcement approach with organisations. However, when looking at the “action we’ve taken” page on the ICO website the ICO’s enforcement activity seems to be increasing by the day. While the ICO has stated that it wants to focus its enforcement efforts going forward on unsolicited marketing, such as nuisance messages and calls, breaches of security requirements have to date attracted the majority of the ICO’s enforcement attention. Therefore, organisations operating in the UK would be well-served to focus on understanding and adhering to the ICO’s expectations for data security compliance.

Posted in Consumer Privacy

FTC Continues to Enforce Security Statements

The Federal Trade Commission (“FTC”) has settled with two mobile application developers, Fandango and Credit Karma, over charges that they misrepresented the security of their mobile applications. According to the FTC, the developers failed to provide reasonable and appropriate security when their mobile applications transmitted consumers’ sensitive information. The particular issues noted by the FTC in its complaints against the developers differ to some degree, but the complaints share a common thread: the developers disabled the Secure Sockets Layer (SSL) protocol, which authenticates and encrypts communications across networks. In our post, we provide a high-level description of how SSL works, summarize the FTC’s complaints against Fandango and Credit Karma, and identify some important takeaways from these settlements.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Settlement for Failure to Scrub Data from Photocopier: A $1.2 Million Lesson Learned

In a recently-announced settlement between the Department of Health and Human Services Office for Civil Rights and a New York health plan, the health plan agreed to pay $1.2 million for the breach of electronic patient records stored in the internal memory of digital photocopiers leased and improperly disposed by the plan.

Posted in Consumer Privacy

California AG Sends Enforcement Letter to Developers of Popular Mobile Apps

On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.

Posted in Health Privacy/HIPAA

Alaska Medicaid Settles HIPAA Security Rule Violations for $1.7 Million

Following an extensive investigation by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR), the Alaska Department of Health and Social Services (DHSS), Alaska’s state Medicaid agency, agreed to pay $1.7 million in fines and to comply with a corrective action plan (CAP) to address gaps in its compliance with the HIPAA Privacy and Security Rules.

Posted in International/EU Privacy

Google’s Peter Fleischer: “A lot more privacy enforcement actions in 2012. And the sanctions are going to go through the roof.”

Today’s Guest Blog is from Peter Fleischer, who writes: “Since 2012 has now begun, here’s a prediction about the future: there’s going to be a lot more privacy enforcement actions. By a lot of different government authorities, not just DPAs. And the sanctions/damages are going to go through the roof. Indeed, it’s not easy to keep track of which government officials are in charge of data protection enforcement actions. There are a lot of them.” Read more in this entry.

Posted in Consumer Privacy

FCC Proposes $2.96 Million Forfeiture for TCPA Violations

The Federal Communications Commission has proposed a $2.96 million forfeiture against Travel Club Marketing, Inc. for apparent violations of the Telephone Consumer Protection Act (TCPA) and related FCC rules regarding the delivery of prerecorded messages, as well as its Caller ID rules. This enforcement action serves as a reminder to companies placing autodialed calls or delivering prerecorded messages to ensure that such calls and messages comply with federal and state laws. Otherwise, they risk not only class action litigation, but also potential regulatory enforcement fines that are imposed on a per-call basis.

Posted in International/EU Privacy

Update on Mexico’s New Privacy Law: No Immediate Enforcement, But Companies Expected to Appoint Privacy Officer and Have Written Policies

Mexico’s new privacy law goes into effect in July. While enforcement will be delayed, companies are expected to have privacy officers and written policies in place. This blog entry reports on recent comments by the head of Mexico’s privacy commission at a program organized by Hogan Lovells.

Posted in Consumer Privacy

FTC Announces Proposed Google Buzz Settlement: First Time FTC Requires Comprehensive Privacy Program

The FTC today announced a proposed settlement with Google relating to charges that Google used deceptive practices and violated its own privacy policies when Google launched its social network “Google Buzz”. For the first time ever, the FTC is requiring a “Comprehensive Privacy Program” and affirmative consent to any new or additional uses of previously collected data.

Posted in News & Events

Hogan & Hartson Prepares Guidance on Business Compliance with FTC Identity Theft Red Flags Rule

Businesses may be facing their last chance to comply with the FTC identity theft Red Flags Rule as the compliance deadline was extended over the Summer to November 1, 2009. On July 29, 2009, the Federal Trade Commission (“FTC”) announced that it will delay enforcement of its identity theft “Red Flags Rule”until November 1, 2009. This is the third […]