Archives: FTC

Subscribe to FTC RSS Feed

And Now There are Three: Nevada Joins California and Delaware in Privacy Policy Requirements for Website Operators

The latest development with respect to privacy policies involves amendments to existing legislation governing state statutes governing the security of personal information for website operators and online service providers. (See June 30, 2017 Alert – FTC Issues Updated Guidance for Compliance with COPPA).  This may be the next wave of statutory amendments in the ongoing … Continue Reading

ALERT – FTC Issues Updated Guidance for Compliance with COPPA

On June 21, 2017, the Federal Trade Commission (FTC) updated its guidance for compliance with the Children’s Online Privacy Protection Act (COPPA).  COPPA regulates websites and other online services in connection with collection of information from children under 13.  The full version of the FTC’s updated guidance is available at The FTC guidance instructs … Continue Reading

Recent Trends in Bankruptcy Sales of Customer Data

Introduction In 2005, Congress amended the Bankruptcy Code to address privacy concerns in connection with sales of customer data in bankruptcy cases. The Code was specifically amended to restrict or prohibit the sale of customers’ personally identifiable information – as defined by the Bankruptcy Code – when in violation of a debtor company’s existing privacy … Continue Reading

FTC Report Highlights Privacy Concerns and Best Practices for Cross-Device Tracking

On January 23, 2017, the FTC released a Staff Report (the Report) on cross-device tracking, a commonly used practice that allows companies to associate multiple internet-based devices with the same consumer in order to track behavior across devices. The Report follows the FTC’s Workshop on cross-device tracking, and alerts companies engaged in cross-device tracking of certain best … Continue Reading

FTC Settles Ashley Madison Data Breach Complaint

The operators of Ashley Madison, the dating website for married people that became famous following its massive data breach in 2015, settled claims brought by the Federal Trade Commission (“FTC”) regarding that breach and their security practices and representations. Ruby Corp., Ruby Life Inc., and ADL Media Inc. (collectively, “Ruby”), named as defendants, were responsible … Continue Reading

Governmental Updates You Need to Know About

In the past few weeks, the government issued alerts and guidance on two noteworthy topics involving data security issues: phishing and ransomware – discussed below: Don’t Get Phished: OCR Warns of Phishing Scheme Targeting HIPAA Covered Entities & Business Associates As previously reported in the March 21, 2016 and July 12, 2016 Blog Posts, the … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading

FTC Takes LabMD to Task for Inadequate Computer Security Practices in Violation of Section 5(n)

In a unanimous opinion, the Federal Trade Commission ruled that an Administrative Law Judge erred when he concluded that the FTC failed to prove that LabMD, a Georgia-based clinical testing laboratory, had engaged in an “unfair or deceptive trade practice” based on inadequate computer security for records containing protected health information (PHI) and sensitive personally … Continue Reading

FCC Net Neutrality Rules Upheld by Federal Appeals Court

Today, a federal appeals court upheld the FCC’s recent net neutrality rules which purportedly make internet service providers treat all web traffic equally, delivering a major defeat to cable and telephone companies. The D.C. Circuit Court of Appeals, in a 2-1 vote, affirmed the FCC’s net neutrality rules, which have been supported by both consumer … Continue Reading

Breaking News- USA and EU Reach Data Transfer Agreement to Replace Safe Harbor

Today, the European Commission announced that the United States and the European Union reached a trans-Atlantic data transfer agreement called “EU-US Privacy Shield” to replace Safe Harbor. While the written text of Privacy Shield has not yet been released, the agreement introduces a new regime for trans-Atlantic transfer of Europeans’ data. We can expect to … Continue Reading

FTC’s First PrivacyCon Event Reveals Cutting Edge Research in Key Data Privacy Issues and Hot Topics on the FTC’s Radar

The FTC held its first PrivacyCon event on January 14, 2016, bringing together scholars, researchers, and the FTC to discuss the latest privacy and data security research in 5 topic areas: 1) state of online privacy, 2) consumer’s privacy expectations, 3) big data in algorithms, 4) the economics of privacy and data security, and 5) … Continue Reading

No Harm, No Foul – FTC Claims Of Deficient Security Practices Dismissed Based on Insufficient Evidence of Actual Harm

Is it reckless for a bank to leave its vault unlocked? If you accept the reasoning of Federal Trade Commission (FTC) Chief Administrative Law Judge D. Michael Chappell – only if someone actually breaks in and steals something. On this premise, the FTC’s unfair data security practices case against LabMD, a Georgia-based clinical testing laboratory, … Continue Reading

Sponsored Social Media Posts Riskier than Ever

Five months after the Federal Trade Commission (FTC) issued updated guidance regarding paid endorsements, it is clearer than ever that it plans to take increasing action against retailers for soliciting reviews on social media. The FTC’s plans were reinforced on October 15, 2015, when FTC Commissioner Julie Brill, in a keynote address at the Better … Continue Reading

The Third Circuit Court of Appeals’ Wyndham Decision Gives a Green Light to the FTC to Sue Businesses for Lax Cybersecurity Practices Under the Unfairness Prong of Section 5 of the FTC Act

On August 24, 2015, the Third Circuit Court of Appeals affirmed denial of Wyndham Worldwide Corporation’s motion to dismiss the FTC’s lawsuit against it. This ruling is significant for several reasons. First, the ruling finds the FTC has the authority to regulate corporate data security practices under the unfairness prong of Section 5 of the … Continue Reading

Second Wave of Auto-Renew Lawsuits Makes Business Model Risky

In the past several years, subscription-based product and service providers have emerged in almost every sector. People are buying baby supplies, razors, groceries and cloud space by using a model once reserved for magazines. For a monthly fee, startups also offer services such as transportation, personal assistance, and dress rentals — as companies continue to … Continue Reading

In-Store Monitoring: How to Enjoy the Benefits of Tracking While Minimizing Potential Privacy Issues

In the latest example of the conflict between technological innovation and privacy concerns, the Federal Trade Commission (FTC) reached a settlement agreement last month with Nomi Technologies, Inc. Nomi is a startup whose technology allows retail merchants to analyze aggregate data about consumer traffic in the merchants’ stores. Although different companies track this data in … Continue Reading

New FCC Rules on CPNI Will Impact ISP’s and Businesses Who Rely on Internet Tracking Data

By now, most people know that in its recent Open Internet Order adopted on February 26, 2015, the FCC reclassified internet access services as common carrier “telecommunications services” subject to FCC jurisdiction under the Telecommunications Act of 1996.  The Order imposes a new regulatory framework on internet providers and, among many other things, augurs a … Continue Reading

SMS to Customers Seeking “Opt-In” for Advertisements May Violate TCPA

Customers who walked into a Bebe clothing store, purchased clothing, provided their phone numbers during the sale, and later received a text inviting them to “opt-in” to a list for additional discounts have a claim against Bebe under the Telephone Consumer Protection Act, 47 U.S.C. § 227 ( “TCPA”).  The offending message at issue read: … Continue Reading

A Winnable Fight Against Crimes In Cyberspace

California boldly made an example out of a felonious website owner who operated a website dedicated to shaming, embarrassing and harassing complete strangers. Following the first ever prosecution of the operator of a “revenge porn” website, Kevin Bollaert was convicted on 27 felony charges, including identity theft and extortion, all stemming from his role in … Continue Reading

Obama Sets Forth Privacy Initiatives to Federal Trade Commission

Yesterday, President Barack Obama addressed the Federal Trade Commission (FTC) and outlined his proposal for protecting and strengthening consumer and student personal data. President Obama called on Congress to support his initiative by passing legislation stating “this mission, protecting our information and privacy in the information age, this should not be a partisan issue.” Specifically, … Continue Reading

Federal Trade Commission Shows Willingness to Credit Responsive Data Security Efforts in Exercising Enforcement Authority

In a change of pace, the Federal Trade Commission (“FTC”) recently decided not to pursue an enforcement action against Verizon Communication, Inc. (“Verizon”) following an investigation into whether Verizon violated Section 5 of the Federal Trade Commission Act, by engaging in “unfair or deceptive acts or practices” when it failed to secure the routers used … Continue Reading

Federal Communications Commission Steps Loudly Into Realm of Data Privacy Enforcement

Last week, the Federal Communications Commission (“FCC”) announced its entrance into the data privacy enforcement realm by issuing a $10 million fine against two telecommunications companies for failing to adequately safeguard their customer’s sensitive personal information. In doing so, the FCC joined a growing list of regulatory bodies, such as the Federal Trade Commission (“FTC”) … Continue Reading

FTC Clarifies COPPA “Verifiable Parental Consent” Requirements

The Federal Trade Commission (FTC) modified guidelines it issues to developers who make apps specifically for children. App developers have taken advantage of the soaring lucrative app market aimed at a younger audience that not only enjoys the fast-paced adrenaline rush of modern technology, but actually relies on technology for educational development, as more school … Continue Reading

FTC Report Sheds Light on Dark World of Data Brokers

The Federal Trade Commission (“FTC”) recently issued a report entitled “Data Brokers: A Call for Transparency and Accountability” that identifies various concerns raised by the “Big Data” industry and provides solutions for addressing those concerns. The report focuses on data brokers – entities that collect consumer personal information and share or sell the information to … Continue Reading