Last week, U.S. District Court Judge Edward M. Chen denied AT&T Mobility’s motion to dismiss the Federal Trade Commission’s (FTC’s) October 2014 complaint alleging that AT&T engaged in unfair and deceptive practices in connection with its retail mobile broadband data services. AT&T argued that its status as a common carrier makes it exempt from enforcement of the FTC Act. The court disagreed. At issue is the scope of the common carrier exemption.
On August 28, the Federal Trade Commission (FTC) filed an administrative complaint against medical testing laboratory LabMD based on allegations that the company engaged in “unfair acts or practices” by failing to employ “reasonable and appropriate measures to prevent unauthorized access to personal information.” The FTC’s action in this case stems from an incident in which a file containing personal information on approximately 9,300 individuals allegedly was shared on a peer-to-peer (P2P) network from a company computer with P2P file-sharing software installed. The complaint follows other recent FTC actions in which the agency has relied on its Section 5 authority under the FTC Act to claim that companies’ exposure of data to P2P networks constituted an unlawful, unfair data security practice. The FTC’s action against LabMD makes clear that institutions governed by the Health Insurance Portability and Accountability Act (HIPAA) must also be mindful of the FTC’s increasing enforcement activity related to security controls, including actions against healthcare providers.
On March 7, the FTC announced a major new initiative cracking down on text message spammers and drove home the point by commencing eight new lawsuits against alleged spammers. In eight complaints filed in four different federal courts across the country, the FTC has charged a total of twenty-nine defendants, alleging that they collectively sent […]
In its first enforcement action under the Fair Credit Reporting Act (“FCRA”) about the sale of data compiled from publicly available online sources in the context of employment screening, the Federal Trade Commission (“FTC”) announced yesterday that it had entered into a $800,000 settlement with an online data broker, Spokeo, for allegedly marketing consumer profiles to employers and recruiters without complying with the requirements of FCRA. In addition, the FTC settled charges that Spokeo violated Section 5 of the FTC Act by posting surreptitious endorsements of its services under the names of others.
The Federal Trade Commission this afternoon announced a proposed consent decree with the prominent social network Facebook, settling allegations that Facebook violated Section 5 of the FTC Act by failing to live up to representations made to consumers regarding its privacy practices. Among other remedial measures, the FTC required Facebook to obtain independent privacy compliance audits for the next 20 years. Along with the FTC’s recent consent decrees with Google and Twitter, the FTC now effectively has regulatory oversight over the privacy and data security practices of the three most prominent social networking companies in the United States.