Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: FTC

Posted in News & Events

Hogan Lovells Partner Discusses Privacy Regulation with FTC Commissioner Ohlhausen

As the keynote speaker for the Winnik Forum, U.S. Federal Trade Commission (FTC) Commissioner Maureen Ohlhausen sat down with Christopher Wolf, Director of Hogan Lovells’ Privacy and Information Management Practice to discuss the evolving role of the FTC as we enter an era of “Big Data” and the “Internet of Things.” Commissioner Ohlhausen offered her views on a flexible approach to protecting consumer data privacy as connected devices continue to evolve. As opportunities arise for additional potential uses of collected data, Commissioner Ohlhausen said organizations and policymakers should consider a “harms-based approach” in which new uses of data would be allowed as long as they do not cause consumer harm and as long as they remain consistent with earlier promises that organizations have made to consumers. The key for Commissioner Ohlhausen is that companies should disclose what data is being collected and keep the promises that they make to consumers about the collection and uses of that data.

Posted in Consumer Privacy

FTC Sends Dozens of Warning Letters to Companies Over Advertising Disclosures

It should be standard practice for companies to review the transparency of material disclaimers and disclosures in their advertising before every ad campaign. However, some companies tend to pack material disclosures into fine print or otherwise minimize their significance. The Federal Trade Commission recently signaled to companies that it is paying attention to print and television ad disclosures. This follows the FTC’s renewed attention to online advertising as addressed last year in its updated .com Disclosures guidance for digital advertising

Posted in Consumer Privacy

FCC Announces $10 Million Proposed Forfeiture Over Data Security Practices

The Federal Communications Commission recently issued a Notice of Apparent Liability for Forfeiture proposing a $10 million penalty against TerraCom, Inc. and YourTel America, Inc. (collectively, the “companies”) for allegedly violating laws protecting consumers’ personal information. Specifically, the FCC alleged that the companies placed the personal data of up to 300,000 consumers at risk by storing Social Security numbers, names, addresses, driver’s licenses, and other proprietary information on unprotected Internet servers that “anyone in the world could access.” The decision is the FCC’s first case involving data security. It is also informative as to the FCC’s current and evolving expectations with regard to carriers’ duties to protect sensitive consumer information, and it underscores the need for organizations in the communications sector to keep a close eye on both FCC and Federal Trade Commission data privacy and security enforcement activity.

Posted in Consumer Privacy

FTC Reminds Broadband Providers of their Data Privacy and Security Obligations

The Federal Trade Commission recently submitted comments to the Federal Communications Commission in which it reminded broadband Internet service providers that they are subject to several data privacy and security laws enforced by the FTC. The FTC’s comments underscore why broadband providers – as well as their vendors and business partners – must keep a close watch on both FCC and FTC developments in the privacy and security space.

Posted in Consumer Privacy

Hogan Lovells Article Anticipates Busy FTC Enforcement Season

Writing for Expert Guide: Competition and Antitrust Law, Hogan Lovells attorneys Dean Hansell and Charles Dickinson discuss the FTC’s current consumer protection initiatives and identify emerging areas of focus of the agency’s regulatory initiatives. Hansell and Dickinson also expect that the FTC may be “more willing to push enforcement initiatives” with its current roster of Commissioners and offer that “companies of all sizes would be well-served to understand how their businesses might fall under the FTC’s radar.”

Posted in Consumer Privacy, Health Privacy/HIPAA

FTC Examines Benefits and Risks of Consumer Generated and Controlled Health Data

On May 7, 2014, the Federal Trade Commission (FTC) held a seminar on Consumer Generated and Controlled Health Data (CGHD) that included participants from government, industry, and advocacy organizations. The seminar—which consisted of opening remarks by FTC Commissioner Julie Brill, brief presentations by FTC representatives on health information data flows and sharing of CGHD with third parties, and a panel discussion moderated by FTC attorneys Kristen Anderson and Cora Han—examined the potential benefits and risks of CGHD.

Posted in Privacy & Security Litigation

LabMD Rulings May Shed Future Light on “Reasonable” Data Security Practices

Last week, the Administrative Law Judge handling the Federal Trade Commission’s complaint against LabMD issued a pair of rulings that will require the Bureau of Consumer Protection to testify about the information security standards on which the FTC intends to rely at trial in order to prove that LabMD’s data security practices were inadequate. The ALJ’s rulings open up inquiry into issues at the center of the debate surrounding the FTC’s authority under Section 5 of the Federal Trade Commission Act: what are the data security standards that the FTC expects companies to meet, and has the FTC given the private sector adequate advance notice of these standards?

Posted in Consumer Privacy, Financial Privacy

FTC Focuses on Alternative Scoring Products

As part of its 2014 Spring Privacy Series, the Federal Trade Commission in March held a seminar to examine alternative scoring products and the possible benefits and risks of their growing use. During the seminar, FTC attorneys Katherine Armstrong and Andrea Arias of the Division of Privacy and Identity Protection moderated a panel discussion between various stakeholders that included public interest groups, the data industry, and academics.

Posted in Cybersecurity & Data Breaches

DOJ and FTC Clarify Antitrust Implications of Cybersecurity Information Sharing

On April 10, 2014, the Department of Justice and Federal Trade Commission issued a joint policy statement on the antitrust implications of sharing cybersecurity information to help facilitate the flow of cyberintelligence throughout the private sector. The statement addresses the long-standing concern that sharing cyberintelligence may violate antitrust law under certain circumstances and explains the analytical framework for such arrangements to make it clear that legitimate cyberintelligence exchanges will not raise antitrust issues.

Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

Federal Judge Upholds FTC’s Authority to Regulate Commercial Data Security Practices

A New Jersey federal judge yesterday issued the much-anticipated opinion in Federal Trade Commission v. Wyndham Worldwide Corp., denying Wyndham’s challenge to the FTC’s authority to regulate data security under Section 5 of the FTC Act. Although it only represents one district court’s findings on the issue, and was not a complete surprise given some of the judge’s statements during oral argument, the Commission for now has dodged a major bullet that threatened to derail its status as the lead commercial data security regulator in the United States.

Posted in Consumer Privacy

FTC Continues to Enforce Security Statements

The Federal Trade Commission (“FTC”) has settled with two mobile application developers, Fandango and Credit Karma, over charges that they misrepresented the security of their mobile applications. According to the FTC, the developers failed to provide reasonable and appropriate security when their mobile applications transmitted consumers’ sensitive information. The particular issues noted by the FTC in its complaints against the developers differ to some degree, but the complaints share a common thread: the developers disabled the Secure Sockets Layer (SSL) protocol, which authenticates and encrypts communications across networks. In our post, we provide a high-level description of how SSL works, summarize the FTC’s complaints against Fandango and Credit Karma, and identify some important takeaways from these settlements.

Posted in News & Events

Hogan Lovells Engages at IAPP Global Privacy Summit

The Hogan Lovells Privacy Team looks forward to seeing many of you this week at the International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington, D.C. We are delighted to once again participate in the Summit as a gold level sponsor and hope you will visit us at Booth 7 in the Exhibition Hall to learn more about our Global Privacy and Information Management Practice. Hogan Lovells attorneys will also be featured at a number of breakout sessions.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

FTC Data Security Settlement Highlights Need for Third-Party Vendor Management and Oversight

On January 31, the Federal Trade Commission announced a settlement with GMR Transcription Services following the public exposure of thousands of medical transcript files containing personal medical information. According to the FTC complaint, GMR failed to adequately verify that its overseas service provider implemented reasonable and appropriate security measures to protect personal information being transmitted and processed. This settlement, the FTC’s 50th with respect to data security, highlights the need for companies to engage in thorough vendor management and oversight with respect to data security practices.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA, Privacy & Security Litigation

LabMD Blames its Shutdown on FTC Legal Battle over Security Protections

LabMD recently announced its plans to wind down operations, citing its ongoing legal battle with the Federal Trade Commission over the company’s data security practices as a major cause. In a letter dated January 6, LabMD president Michael Daugherty informed the company’s customers and workforce that the medical testing laboratory would no longer be accepting new specimens after January 11 and that the company’s phones and internet access would be discontinued shortly thereafter. Daugherty’s letter blamed the FTC’s “debilitating investigation and litigation” as a major source of the company’s decision to wind down operations.

Posted in Consumer Privacy, International/EU Privacy

FTC Settles Actions Against Twelve Companies for Improperly Representing Safe Harbor Certification

Less than two months after the European Commission issued a report urging the Federal Trade Commission to step up enforcement of the EU-U.S. Safe Harbor framework, the FTC announced a settlement with twelve companies — including an Internet service provider, makers of consumer goods, three National Football League teams, and a developer of mobile applications — over allegations that they deceptively claimed to be certified under Safe Harbor. According to the FTC, each of these companies represented that they maintained a active Safe Harbor certification with the U.S. Department of Commerce when in fact they did not.

Posted in Consumer Privacy

FTC Approves New Method for Obtaining COPPA Verifiable Parental Consent

The Federal Trade Commission (FTC) recently approved appropriately implemented “knowledge-based authentication” as a method for obtaining verifiable parental consent (VPC) under the Children’s Online Protection Act (COPPA). To be “appropriately implemented,” operators should assess whether any knowledge-based authentication technology:
•Generates “dynamic, multiple choice questions”;
•Asks “a reasonable number of questions with an adequate number of possible answers” to ensure that “the probability of correctly guessing the answer is low”; and
•Uses “questions of sufficient difficulty that a child age 12 or under in the parent’s household could not reasonably ascertain the answers.”

The FTC’s action provides online operators some welcome flexibility in implementing COPPA-compliant VPC strategies and demonstrates that the FTC will give serious consideration to VPC proposals.

Posted in Social Media

Financial Regulators Finalize Social Media Guidance and Address Industry Questions

The Federal Financial Institutions Examination Council (FFIEC) has released final supervisory guidance on the use of social media by financial institutions. We last reported on the guidance when it was published in draft form in January 2013. The final guidance is substantially similar to the proposal (and we encourage you to read our prior post for more details on the elements of the guidance), but the FFIEC made certain revisions in light of the 81 public comments it received on the proposal.

Posted in Consumer Privacy, News & Events

Privacy a Top Agenda Item for FTC, NTIA Entering 2014

With the new year fast approaching, the Federal Trade Commission and the National Telecommunications & Information Administration, a bureau within the Department of Commerce, recently announced a number of privacy initiatives for 2014 that will break new ground for both agencies and will impact a wide array of industries.

Posted in Consumer Privacy

New Paper Considers Privacy Paradigm for Internet of Things

  A new paper published by the Future of Privacy Forum examines the appropriate privacy paradigm for the world of the Internet of Things.  The paper was co-authored by Hogan Lovells Privacy and Information Management practice leader Christopher Wolf who also is the founder and co-chair of the Future of Privacy Forum (with co-author Jules Polonetsky).  The [...]

Posted in Consumer Privacy

IAPP Piece Sets Stage for Upcoming Internet of Things Workshop

On November 19, 2013 the Federal Trade Commission will hold its first ever workshop on the Internet of Things. The Workshop does not aim to debate regulation or codes of conduct, but is rather a fact finding mission aimed at uncovering the privacy and security concerns inherent in the Internet of Things, where a range of devices collect and communicate personal information perpetually.

Posted in Consumer Privacy, Privacy & Security Litigation

FTC Settles Case Against “Rent-to-Own” Franchisor that Guided Franchisees’ Use of Spyware

On October 22, the FTC announced a settlement with national “rent-to-own” retailer Aaron’s, Inc. on charges that it knowingly assisted its franchisees in tacitly collecting images and information about their customers. Specifically, the FTC alleges that Aaron’s “played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly monitored consumers including taking webcam pictures of them in their homes.”

Posted in Consumer Privacy

Hogan Lovells Contributes Focus on Privacy and Trade to Global Privacy Meeting

At the 35th annual Conference of Data Protection Authorities and Privacy Commissioners in Warsaw, Poland today, Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and trade in light of the ongoing Transatlantic Trade and Investment Partnership negotiations between the EU and the U.S. This post contains prepared remarks to the commissioner’s on the need for interoperable cross-border privacy standards and the merits of the U.S. privacy regime.