Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

FTC Alleges TRUSTe’s Certified Privacy Seals Misled Consumers

Posted in Federal Trade Commission, United States

Last week, TRUSTe, Inc. (“TRUSTe”) settled Federal Trade Commission (“FTC”) charges that it misrepresented its certification programs and non-profit status to consumers.  TRUSTe offers clients Certified Privacy Seals, representing to consumers that the website, software, data processing service, or mobile application is compliant with the relevant TRUSTe program.  These programs include specifications related to transparency… Continue Reading

FTC and Wyndham to Mediate Dispute Over FTC Data-Security Authority

Posted in Litigation, United States

Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the FTC… Continue Reading

Bill Restricting the NSA’s Data Collection Practices Blocked in the Senate

Posted in Congress, United States

By Randall Friedland Yesterday, the USA Freedom Act (S. 2685), a bill aimed at curbing the National Security Agency’s (“NSA”) data collection practices, fell two votes short of the 60 votes necessary for cloture in the Senate.  The bill was largely blocked by Senate Republicans who expressed concern that the legislation would harm the government’s… Continue Reading

FTC Closes Investigation After Verizon Fixes Encryption Problems With FiOS and DSL Routers

Posted in Federal Communications Commission, Federal Trade Commission, United States

Earlier this week, the FTC notified Verizon by letter that it has closed its investigation into whether Verizon violated Section 5 of the FTC Act by failing to secure certain routers supplied to the company’s broadband subscribers.  The FTC’s investigation centered on Verizon’s practice of supplying routers that incorporated an outdated default security setting, an… Continue Reading

Recent Ninth Circuit Decisions Address Whether Consumers Must Explicitly Agree to User Terms

Posted in Litigation, Privacy Policies, United States

The Ninth Circuit recently issued two opinions addressing whether companies should require customers to explicitly agree to key provisions of user terms and other policies. On Monday, a unanimous three-judge panel issued an opinion in Knutson v. Sirius XM Radio.  In this case, the plaintiff purchased a Toyota that included a trial subscription to Sirius. … Continue Reading

Ten Ways the 2014 Election May Affect Privacy and Data Security Law

Posted in Congress, Cybersecurity, Data Breaches, Data Security, Federal Communications Commission, Federal Trade Commission, United States

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors.  Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition –… Continue Reading

Officials Comment on the Future of FTC, FCC, and CFPB Privacy Enforcement Authority

Posted in Federal Communications Commission, Federal Trade Commission, United States

By Caleb Skeath At a recent IAPP privacy event, officials from the FTC and CFPB offered insight into their respective agencies’ future enforcement plans, as well as the shifting landscape of privacy enforcement actions.  Although such enforcement actions have historically been the domain of the FTC, the FCC recently entered the privacy enforcement arena, announcing… Continue Reading

Another Court Finds That an Automated SMS Platform is Not an ATDS

Posted in Litigation, United States

By Ani Gevorkian Last week, the U.S. District Court for the Southern District of California issued an opinion regarding the definition of  an “Automatic Telephone Dialing System” (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).  The opinion follows a small but growing number of cases holding that courts have their own ability to interpret the… Continue Reading

California Attorney General’s Second Annual Data Breach Report Finds Dramatic Increase in Number of Data Breaches

Posted in State Legislatures, United States

By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report.   The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013.  The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics… Continue Reading

FTC Says AT&T Fails to Deliver on ‘Unlimited’ Data Promises

Posted in Federal Trade Commission

Yesterday, the Federal Trade Commission (FTC) filed a complaint against AT&T alleging that the company misled consumers by limiting its “unlimited” data plan for mobile customers. The FTC’s two-count complaint, which was filed in the U.S. District Court for the Northern District of California, alleges that AT&T violated Section 5 of the FTC Act, which… Continue Reading

Whisper’s Privacy Problem: Sen. Rockefeller Pushes for Probe While Editorial Team Is Suspended Pending Review

Posted in Congress, United States

Following the Guardian’s recent exposé on Whisper’s consumer-privacy practices, alleging that the social-media app that supposedly allows people “to anonymously share [their] thoughts with the world . . . in a community built around trust and honesty,” in fact tracks the geolocation of users who opted out of such data collection, Chairman of the Senate… Continue Reading

FCC Expands Application of Customer Privacy Provisions with $10 Million Fine Against Carriers

Posted in Federal Communications Commission

By Caleb Skeath Last Friday, the FCC announced that it intends to fine two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — a total of $10 million for failing to protect certain customer data.  According to the FCC, the two carriers, which provide discount phone services to low-income individuals, posted customer “proprietary information”… Continue Reading

Senators Request Hearing on Connected Devices

Posted in Congress, United States

On October 20, 2014, a bipartisan group of senators sent a letter to U.S. Senate Committee on Commerce, Science, & Transportation Chairman John D. Rockefeller IV (D-W.Va.) and Ranking Member John Thune (R-S.D.), requesting that the Committee schedule a “general oversight and information-gathering hearing” on digitally connected technologies before the end of 2014. The letter, penned by… Continue Reading

FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014

Posted in Cybersecurity, Data Security, United States

On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.  The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and… Continue Reading

California Amends Data Breach Legislation

Posted in Data Breaches, Data Security, State Legislatures

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement… Continue Reading

IAPP Privacy Academy: “Data Brokers Demystified”

Posted in Federal Trade Commission

The International Association of Privacy Professionals hosted its annual Privacy Academy, at which one panel, “Data Brokers Demystified,” specifically focused on regulation of the data-broker industry.  The panelists included Janis Kestenbaum from the Federal Trade Commission, Jennifer Glasgow from Acxiom, and Pam Dixon from the World Privacy Forum.  Emilio Cividanes from Venable also participated. Major… Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

Posted in State Legislatures, United States

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things,… Continue Reading

GAO Report Details CFPB’s Large-Scale Data Collection Practices, Identifies Shortcomings

Posted in Financial Privacy, United States

This week, the Government Accountability Office (“GAO”) released a report recommending eleven actions the Consumer Financial Protection Bureau (“CFPB”) should take to enhance the privacy and security of its ongoing data collections.  The report also provides a detailed look at the increasingly large volume of information that CFPB collects, and how the agency’s data collection… Continue Reading

FTC Public Workshop On Big-Data Discrimination: Assessing the Current Environment

Posted in Federal Trade Commission, United States

On Monday, the FTC hosted a public workshop on the topic of big data and discrimination entitled, “Big Data: A Tool for Inclusion or Exclusion?” The first panel, which explored today’s big-data landscape, featured the following speakers from government, industry, and academia: Kristin Amerling, Chief Investigative Counsel and Director of Oversight at the U.S. Senate… Continue Reading

What the FTC’s Latest COPPA Settlements Mean for Mobile Apps

Posted in Children's Privacy, Federal Trade Commission, Mobile, Social Media, Uncategorized

Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers: TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email addresses through its mobile app… Continue Reading

Privacy Weekend: Provocative Articles We’re Reading Now

Posted in Federal Trade Commission, Privacy Weekend, United States

It’s shaping up to be a big data weekend, for those of us who try to find some interesting weekend reading away from the crush of the day-to-day schedule.  If you’re thinking about Monday’s FTC workshop on the impact of big-data analytics on vulnerable communities, a bit of weekend reading about the intersection between technology… Continue Reading