The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware.

Ransomware is a malicious software

As we have previously reported, in less than two weeks the FTC will host its anticipated workshop on big data and discrimination.  Today the FTC announced a full agenda and panelists for the September 15th event, “Big Data: A Tool for Inclusion or Exclusion?” which will take place in Washington, D.C., at the Constitution Center.  The workshop is open to the public, and registration begins at 8 a.m.  The following provides a full schedule of speakers and panels.
Continue Reading Schedule of Panelists for FTC’s Upcoming Big Data & Discrimination Workshop

On Wednesday, the Senate Commerce Committee held a hearing on “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”  With recent high-profile breaches, and White House officials just this week telling industry executives that federal authorities notified more than 3,000 companies of cyber attacks last year, data security continues to attract the attention of lawmakers.  Specifically, the hearing follows data-breach legislation introduced in January by Chairman John D. Rockefeller IV (D-WV), which parallels at least four other similar bills recently proposed in the Senate.  Last month, several congressional committees held hearings on the topic of cyber security and data breach, dedicating almost an entire week to the issue.

Ahead of the hearing, Chairman Rockefeller released a majority staff report analyzing the Target data breach by applying the widely used “intrusion kill chain” analytic framework.  The kill-chain doctrine illustrates how cyber threats, viewed as a progressive campaign involving a number of distinct intrusion points, can be combated by disrupting different phases of the attack chain.  Appearing in the Senate for the second time this year after discussing his company’s data breach with the Judiciary Committee last month, Target’s Chief Financial Officer John Mulligan testified at the hearing.  The single panel also included witnesses from the government and public and private sectors, including the Federal Trade Commission, Visa, and the University of Maryland, which recently suffered two data breaches. 

While Mr. Mulligan spent some time discussing the particulars of Target’s data breach and response efforts, the hearing primarily addressed industry-wide prevention and enforcement possibilities.  Committee members examined the following principal points.


Continue Reading Senate Commerce Committee Discusses Data Breaches

Continuing a spate of recent legislative activity, the Senate Commerce Committee is bringing the hot topic of data breach back to the Hill.  This Wednesday, the Commerce Committee will hold a hearing entitled, “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.”  According to the Committee, recent data breaches at Target, Neiman Marcus, White Lodging, Snapchat, and the University of Maryland have illustrated the need to improve protections of consumer data.  The hearing will examine the risks that breaches create for consumers, the lack of a federal data-security law, and several data-security bills currently pending that would establish such a federal standard.  The following witnesses are scheduled to testify:

  • Edith Ramirez, Chairwoman of the Federal Trade Commission
  • John J. Mulligan, Vice President and Chief Financial Officer of Target
  • Dr. Wallace D. Loh, President of the University of Maryland
  • David Wagner, President of Entrust
  • Peter J. Beshar, Executive Vice President and General Counsel of Marsh & McLennan
  • Ellen Richey, Chief Enterprise Risk Officer at Visa


Continue Reading Senate Commerce Committee To Examine Data Breaches and Cyber Attacks

Last month, the FTC held a public workshop on the “Internet of Things” (or “IoT”), during which it examined the privacy and security implications of everyday objects being connected to the Internet and to each other.  The workshop—which considered “things” ranging from connected cars to remote-controlled defibrillators—brought together academics, business and industry representatives, and consumer advocacy groups to explore these issues.

The participants voiced a variety of views about what the IoT means for consumer privacy.  One memorable—and certainly debatable—perspective was that of Vint Cerf, Google’s chief Internet evangelist and lead engineer on the Internet prototype “ARPANET,” who told the audience that “privacy may actually be an anomaly” and ultimately unsustainable in our increasingly connected world.

There were other key moments in the workshop that helped to illuminate the FTC’s position on how businesses should approach the IoT.  Now that the initial reports are in, we provide 5 key takeaways after the jump.


Continue Reading The FTC’s “Internet of Things” Workshop in Perspective; 5 Key Takeaways for How it Could Affect Consumer Privacy Going Forward

Earlier this week, U.S. Federal Trade Commission (FTC) Chairwoman Edith Ramirez gave the keynote address at a technology conference, in which she focused on the privacy challenges of so-called “big data.”   Her remarks provide some guidance about what the FTC considers “best practices” in terms of deploying big data analytics without raising privacy concerns.  

  • Data minimization and sound retention limits.    The Chairwoman urged companies to “[a]void the indiscriminate collection of personal information” and suggested that it is not appropriate for companies to, “[k]eep data on the off-chance that it might prove useful.”  She also suggested that retention limits are appropriate, noting that “old data is of little value.”
  • De-identification.   She noted that stripping out unique identifiers to render data anonymous can be an effective risk-mitigation technique.  She cited the FTC’s 2012 Privacy Report as describing “an approach to de-identification that seeks to balance the benefits of de-identification with the risks that anonymous data will be re-identified.”
  • Choice.  She called on companies to “focus[] on consumer choice at the time of collection.”  She noted that when consumers decide to share personal data with a business, that consent “is generally limited to the transaction at hand.”  “Rarely, if ever, are consumers given a say about the aggregation of their personal data or secondary uses that are not even contemplated when their data is first collected.”  Chairwoman Ramirez did not expand on what she believes that companies should do to provide consumers more of a “say” with respect to the aggregation and secondary uses of their data.


Continue Reading Ramirez Says That FTC Will Use Tools To Protect Consumers From “Big Data” Privacy Concerns

News outlets are reporting that the White House will appoint FTC Commissioner Edith Ramirez to lead the Commission.  She would replace current FTC Chairman Jon Leibowitz, who announced his resignation in January.  Ramirez’s appointment to chair the Commission would leave it evenly split between Democrats and Republicans, with one empty seat until another person is