FTC amendment to Safeguards Rule
Posted in Data breach, GeneralTag archives: FTC
Posted in Data breach, GeneralOCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline
On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading
FTC proposed consent order prohibits perpetual retention of personal information
Posted in GeneralAnother fine for over-retention of data
Posted in Compliance and risk management
A third regulator has recently entered into a proposed consent that includes a $500,000 fine based in part on a company’s over-retention of personal data for longer than it was needed. The first regulator was the French data protection authority, the CNIL, in 2021, which we wrote about here. The second regulator was the New … Continue reading
FTC to levy unprecedented $US5bn fine against Facebook
Posted in Data breach, Regulatory response
The Wall Street Journal reported that Federal Trade Commission and Facebook reached a settlement to resolve Facebook’s privacy issues.… Continue reading
FTC, privacy, vendor due diligence and opt-in consent
Posted in Regulatory response
On April 30, 2018, the U.S. Federal Trade Commission (FTC) released for public comment an administrative complaint and proposed consent agreement with mobile phone manufacturer BLU Products Inc. and its owner and president. Although the FTC has entered into many settlements relating to privacy and data security, this proposed settlement is particularly noteworthy for two … Continue reading
Blocking illegal or fraudulent ‘robocalls’: FCC rulemaking, with FTC comments
Posted in Regulatory responseIllegal robocalls are a “scourge.” So says FCC Chairman Ajit Pai, and most consumers likely agree. Both the FCC and the FTC (each of which has jurisdiction over some aspects of telemarketing regulation) are actively pursuing ways to curb illegal and fraudulent robocalls. The FCC issued a report and order in November 2017 authorizing telecommunications … Continue reading
US Commission on Enhancing National Cybersecurity: Action Plan for the President-Elect
The US Commission on Enhancing National Cybersecurity, a nonpartisan group established by President Obama in early 2016, released its final report on December 1, 2016. The report provides an in-depth view of cybersecurity challenges facing the digital economy, and provides a roadmap for addressing those challenges. For some issues, the Commission recommends that the next … Continue reading
Recent Developments from Our Sister Blogs
FTC Enforcement Possible for Failing to Guard Against Ransomware
Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading
FTC Commissioner Julie Brill comments on EU-US Privacy Shield
FTC Commissioner Julie Brill sat down this morning with the Information Technology and Innovation Foundation to discuss the EU-US Privacy Shield, the new framework for transatlantic transfer of personal data announced earlier this week. Commissioner Brill began by discussing the agreement generally, and provided valuable insight on the role of the Federal Trade Commission (FTC) … Continue reading
White House Releases Draft Consumer Privacy Bill of Rights Act
Late afternoon last Friday, the White House released its draft Consumer Privacy Bill of Rights Act (the “Act”). This follows on the heels on the President’s announcement of cybersecurity as a top priority of the administration, which foreshadowed the release of the Act and included other initiatives, including one for a single national breach notification … Continue reading
FTC issues new privacy and security report on the internet of things
In advance of what will likely be a flood of interconnected devices to soon hit the market, the Federal Trade Commission (“FTC”) today announced the release of a new report on the Internet of Things (the “Report”). Focusing on privacy and security, the FTC makes several suggestions to companies developing Internet of Things devices that are marketed … Continue reading
FTC Commissioner Julie Brill to lead a privacy roundtable at Norton Rose Fulbright
On January 30, 2015, Norton Rose Fulbright New York City office will host FTC Commissioner Julie Brill for a privacy roundtable. As part of the IAPP KnowledgeNet lecture series, Commissioner Brill will address privacy topics that will be in focus for 2015: Big Data, its fair use and effects on consumers, the privacy issues raised by … Continue reading
Just what the doctor ordered: President outlines national breach law proposal
Leading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading
Sharing Cyber Threat Information: A Legal Perspective (ISSA Journal Article)
The ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and I (David Navetta) concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission … Continue reading
