"FTC Act"

Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the

Earlier this week, the FTC notified Verizon by letter that it has closed its investigation into whether Verizon violated Section 5 of the FTC Act by failing to secure certain routers supplied to the company’s broadband subscribers.  The FTC’s investigation centered on Verizon’s practice of supplying routers that incorporated an outdated default security setting, an encryption standard known as Wired Equivalent Privacy (“WEP”).  According to the FTC, flaws in WEP were identified by researchers in 2004, but Verizon continued until recently to ship some WEP router models.  According to the FTC, this left some Verizon subscribers vulnerable to hackers.

In its letter, the FTC explained that the following factors led it to close its investigation:

  • Verizon’s overall data-security practices related to its routers.
  • Verizon’s efforts to mitigate the risk that subscribers using WEP-model routers would be vulnerable to hackers, including:
  1. by removing the WEP model routers from distribution centers and setting them to Wi-Fi Protected Access 2 (“WPA2”), ensuring that future distributed routers would be set by default to WPA2;
  2. by implementing an outreach campaign to subscribers currently using WEP or no encryption, and requesting that those subscribers change their security settings to WPA2; and
  3. offering upgrades to WPA2-compatible units for subscribers in possession of older, incompatible routers.
    Continue Reading FTC Closes Investigation After Verizon Fixes Encryption Problems With FiOS and DSL Routers

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in

Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers.  The case has been closely

In a closing letter declining to bring enforcement action against shoemaker Cole Haan, FTC staff stated that it believes “Pins” on Pinterest featuring a company’s products can constitute an endorsement of those products, and that if the pins are incentivized by the opportunity to win a significant prize in a contest, contestants should be instructed to label their pins appropriately. 

The closing letter follows an investigation into whether Cole Haan violated Section 5 of the Federal Trade Commission Act in connection with its “Wandering Sole” Pinterest Contest.  Section 5 of the FTC Act protects consumers from “unfair or deceptive acts or practices.”  Pursuant to its Section 5 authority, the FTC requires disclosure when there exists a connection between a product endorser and the seller of the advertiser product that might materially affect the weight or credibility of the endorsement (i.e., the connection is not reasonably expected by the audience). 

For a chance to win a $1,000 shopping spree, Wandering Sole contestants were instructed to create Pinterest boards that included five re-pins of shoe images from Cole Haan’s Wandering Sole Pinterest Board.  According to the FTC, these re-pinned images featuring Cole Haan shoes constituted product endorsements that were “incentivized by the opportunity to win” a shopping spree, therefore creating a material connection requiring disclosure.  The contest rules directed contestants to caption each pin with “#WanderingSole,” but the FTC determined that the hashtag was not adequate in communicating the material connection — i.e., financial incentive — between Cole Haan and its contestants.  The FTC concluded that “entry into a contest to receive a significant prize in exchange for endorsing a product through social media constitutes a material connection that would not reasonably be expected by viewers of the endorsement.”Continue Reading FTC Cole Haan Closing Letter: Encouraging Pinterest “Pins” in a Contest Can Trigger Endorsement Guidelines

The Federal Trade Commission (FTC) recently announced a settlement with Accretive Health, Inc., a provider of medical billing and revenue management services to hospitals.  The FTC’s complaint alleged that Accretive failed to provide reasonable and appropriate security for consumers’ personal information, and this failure constituted an unfair act or practice in violation of Section 5

Last month, the FTC held a public workshop on the “Internet of Things” (or “IoT”), during which it examined the privacy and security implications of everyday objects being connected to the Internet and to each other.  The workshop—which considered “things” ranging from connected cars to remote-controlled defibrillators—brought together academics, business and industry representatives, and consumer advocacy groups to explore these issues.

The participants voiced a variety of views about what the IoT means for consumer privacy.  One memorable—and certainly debatable—perspective was that of Vint Cerf, Google’s chief Internet evangelist and lead engineer on the Internet prototype “ARPANET,” who told the audience that “privacy may actually be an anomaly” and ultimately unsustainable in our increasingly connected world.

There were other key moments in the workshop that helped to illuminate the FTC’s position on how businesses should approach the IoT.  Now that the initial reports are in, we provide 5 key takeaways after the jump.Continue Reading The FTC’s “Internet of Things” Workshop in Perspective; 5 Key Takeaways for How it Could Affect Consumer Privacy Going Forward

Today, the Federal Trade Commission is defending its authority to enforce Section 5 of the FTC Act against  Wyndham Hotels in connection with alleged lax data security procedures.  Following several publicized data security breaches, the FTC investigated Wyndham and concluded that the hotel company failed to employ “reasonable and appropriate” data security practices, citing, for