The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.” Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples … Continue Reading
Today the FTC announced that it is undertaking a review of its CAN-SPAM Rule, which sets out the requirements for sending commercial e-mail messages. Among other things, the CAN-SPAM Rule requires that senders of commercial e-mails provide recipients a mechanism to opt out of receiving commercial e-mails, honor opt-out requests within 10 business days, and include specific disclosures in the … Continue Reading
The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet. The FTC’s 2013 revisions to the COPPA Rule greatly expanded … Continue Reading
The FCC has released the Notice of Proposed Rulemaking (“NPRM”) on “Restoring Internet Freedom” that was adopted by a 2-1 vote at the Commission’s open meeting on May 18. The NPRM is substantively very similar to the draft released by Chairman Pai on April 27, and the comment deadlines remain the same: July 17 for … Continue Reading
Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would create new online privacy requirements. The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of … Continue Reading
The Ninth Circuit announced today that the full court will rehear the case in which the three-judge panel opinion had dismissed the FTC’s lawsuit against AT&T for allegedly violating Section 5 of the FTC Act due to past “throttling” practices around unlimited data plans. According to the panel opinion, the FTC lacked jurisdiction over AT&T’s … Continue Reading
In a widely anticipated step, FCC Chairman Ajit Pai has released a draft Notice of Proposed Rulemaking (“NPRM”) on the legal framework that governs broadband providers and related net neutrality questions. Most notably from a privacy perspective, the draft NPRM proposes to find that broadband Internet access service is an “information service” under the Communications … Continue Reading
Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) reintroduced a pair of bills today relating to the cybersecurity of cars and aircraft, which would impose affirmative security, disclosure, and consent requirements on manufacturers and air carriers. The Security and Privacy in Your Car (“SPY Car”) Act and Cybersecurity Standards for Aircraft to Improve Resilience (“Cyber … Continue Reading
The FTC announced today that it will hold a joint workshop on June 28, 2017 with the National Highway Traffic Safety Administration (NHTSA) to “examine the consumer privacy and security issues posed by automated and connected motor vehicles.” The announcement lists several discussion topics for the upcoming workshop: the types of data vehicles with wireless … Continue Reading
The FTC released public comments yesterday on the National Telecommunications and Information Administration’s (NTIA) draft “Early Stage” Coordinated Vulnerability Disclosure Template released in December 2016. The draft template was released by the NTIA Safety Working Group as part of a multistakeholder process that convened security researchers and software and system developers and owners to address … Continue Reading
The Federal Trade Commission yesterday released its report on cross-device tracking. The report, which follows the Commission’s November 2015 Cross-Device Tracking Workshop, describes some of the current approaches to track consumers across multiple connected devices, discusses industry self-regulatory approaches to protect consumer privacy, and offers recommendations for how to apply longstanding FTC principles like transparency, … Continue Reading
On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement. Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading
The FTC announced today that it has reached a settlement with the operators of AshleyMadison.com (Ashley Madison) for alleged data security deficiencies and deceptive trade practices. According to the FTC, Ashley Madison, a dating website for married individuals, was hacked in July 2015, leading to the release of 36 million users’ account and profile information. … Continue Reading
Aura Labs, Inc. (Aura) has settled the FTC’s charges that it deceived consumers in relation to its mobile blood pressure app. The FTC’s complaint alleged that Aura deceptively claimed the app was as accurate as traditional blood pressure cuffs, and also that Aura’s owner posted a 5-star review of the app without disclosing his connection … Continue Reading
In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case. As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices. After … Continue Reading
On Tuesday, the FTC issued new guidance for businesses on responding to data breaches, along with an accompanying blog post and video. The data breach response guidance follows the issuance of the FTC’s “Start with Security” data security guidance last year and builds upon recent FTC education and outreach initiatives on data security and cybersecurity … Continue Reading
By Sari Sharoni On September 16, 2016, the Federal Trade Commission (“FTC”) hosted a workshop on the factors that may contribute to the effect disclosures have on consumer behavior. The workshop, “Putting Disclosures to the Test,” included speakers from a wide range of disciplines and industries, who remarked on aspects of disclosure such as consumer … Continue Reading
The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware. Ransomware is a malicious software … Continue Reading
By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states: “there’s really no such thing as ‘complying … Continue Reading
The Federal Trade Commission (“FTC” or “Commission”) is soliciting public comments on its Standards for Safeguarding Customer Information (“Safeguards Rule”) as part of the systematic review of all FTC rules and guides on a 10-year schedule. The Safeguards Rule was promulgated by the Commission pursuant to the Gramm-Leach-Bliley Act’s (“GLBA”) directive for federal agencies to … Continue Reading
In an opinion released today, the Ninth Circuit dismissed the Federal Trade Commission’s (“FTC”) lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices. AT&T’s practice of throttling the speed of customers with unlimited data plans once they reached a certain data usage threshold had been challenged by the … Continue Reading
The Federal Trade Commission (FTC) issued a unanimous opinion and order today, vacating the Administrative Law Judge’s (ALJ) initial decision and finding that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act. In August 2013, the FTC issued a complaint against LabMD, alleging that its failure to implement adequate data security … Continue Reading
In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that: “we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device … Continue Reading
A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy. As part of … Continue Reading
