Tag Archives: Section 5

New Republican Privacy Bill Would Expand Scope of “Sensitive” Data

Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would  create new online privacy requirements.  The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of … Continue Reading

Ninth Circuit Will Rehear Dismissal of FTC Throttling Suit

The Ninth Circuit announced today that the full court will rehear the case in which the three-judge panel opinion had dismissed the FTC’s lawsuit against AT&T for allegedly violating Section 5 of the FTC Act due to past “throttling” practices around unlimited data plans.  According to the panel opinion, the FTC lacked jurisdiction over AT&T’s … Continue Reading

Ashley Madison Settles Data Security and Deception Charges

The FTC announced today that it has reached a settlement with the operators of AshleyMadison.com (Ashley Madison) for alleged data security deficiencies and deceptive trade practices.  According to the FTC, Ashley Madison, a dating website for married individuals, was hacked in July 2015, leading to the release of 36 million users’ account and profile information.  … Continue Reading

Appellate Court Stays Enforcement of FTC’s LabMD Order

In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case.  As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices.  After … Continue Reading

FTC Maps Its Cybersecurity Requirements to NIST Cybersecurity Framework Core Functions

By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states:  “there’s really no such thing as ‘complying … Continue Reading

Ninth Circuit Dismisses FTC’s Throttling Suit Against AT&T

In an opinion released today, the Ninth Circuit dismissed the Federal Trade Commission’s (“FTC”) lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices.  AT&T’s practice of throttling the speed of customers with unlimited data plans once they reached a certain data usage threshold had been challenged by the … Continue Reading

FTC: LabMD’s Data Security Practices Violated the FTC Act

The Federal Trade Commission (FTC) issued a unanimous opinion and order today, vacating the Administrative Law Judge’s (ALJ) initial decision and finding that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act.  In August 2013, the FTC issued a complaint against LabMD, alleging that its failure to implement adequate data security … Continue Reading

Ninth Circuit Hears FTC’s Throttling Case Against AT&T

Earlier this week, the Ninth Circuit heard oral argument in AT&T’s appeal of a lower court decision to not dismiss the Federal Trade Commission’s (FTC’s) complaint alleging that AT&T misled consumers by limiting its “unlimited” data plan for mobile customers. As we previously reported, in October 2014 the FTC filed a complaint alleging that AT&T … Continue Reading

FTC and Wyndham Present Arguments on Whether FTC has Declared Unreasonable Cybersecurity Practices Unfair

On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act … Continue Reading

AT&T: FTC Lacks Jurisdiction Even Under “Activity-Based” Interpretation of the Common Carrier Exemption

Last week AT&T filed a Reply in support of its Motion to Dismiss challenging the Federal Trade Commission’s (FTC’s) attempt to exercise jurisdiction over the company pursuant to Section 5 of the FTC Act. As we previously reported, the FTC filed a complaint against AT&T alleging that the company misled consumers by reducing the data … Continue Reading

FTC Says Common Carrier Exemption to Section 5 Jurisdiction is Activity-Based, Not Status-Based

Last week the Federal Trade Commission (FTC) opposed a Motion to Dismiss filed by AT&T that challenged the FTC’s attempt to exercise jurisdiction over the company in connection with certain of its mobile broadband service activities. As we previously reported, the FTC filed a complaint against AT&T in late 2014 alleging that AT&T engaged in … Continue Reading

FTC and Wyndham to Mediate Dispute Over FTC Data-Security Authority

Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the FTC … Continue Reading

Breaking Down the Court’s Decision in FTC v. Wyndham Worldwide Corp.

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in … Continue Reading

Judge Denies Wyndham’s Motion to Dismiss, Allowing FTC’s Case to Proceed

Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers.  The case has been closely watched … Continue Reading

FTC Announces Settlements with Two Mobile App Providers

Today, the Federal Trade Commission announced settlements with two mobile app makers that allegedly failed to provide reasonable security for the personal information collected in connection with their apps.  In complaints against Credit Karma, Inc. and Fandango LLC, the FTC alleged that both companies’ apps failed to validate SSL certificates, a security shortcoming that could … Continue Reading

The Wyndham Case is Being Argued Today: Why You Should Care

Today, the Federal Trade Commission is defending its authority to enforce Section 5 of the FTC Act against  Wyndham Hotels in connection with alleged lax data security procedures.  Following several publicized data security breaches, the FTC investigated Wyndham and concluded that the hotel company failed to employ “reasonable and appropriate” data security practices, citing, for … Continue Reading

FTC Settles Deception, COPPA Charges Against Social Networking App Path

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) … Continue Reading

Wyndham: FTC Lacks Authority to Regulate Data Security

Earlier this week, Wyndham Hotels & Resorts LLC moved to dismiss the complaint filed against it by the Federal Trade Commission in connection with Wyndham’s data security practices, asserting that the FTC has neither the authority nor the expertise to regulate them. As we previously noted, the FTC filed a complaint against Wyndham in June … Continue Reading

The FTC’s Lawsuit Against Wyndham

By Ryan Mowery Last week, the FTC filed suit in federal court against global hospitality firm Wyndham Worldwide Corporation in connection with a series of data breaches affecting Wyndham and its subsidiaries between 2008 and 2010.  The complaint alleges that Wyndham misrepresented the security measures it employed to protect consumers’ personal information and that consumers … Continue Reading

FTC Settles P2P-Related Data Breach Charges Alleging Failure to Provide Appropriate Security

By Brian Ryoo The Federal Trade Commission (“FTC”) reached separate settlements with two companies it had accused of exposing sensitive personal information through peer-to-peer (“P2P”) file-sharing software installed on their corporate networks.  The complaints filed against the companies alleged that the companies failed to have in place adequate information security policies and procedures, risk assessment … Continue Reading

White House To Roll Out “Privacy Bill of Rights”

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC.  Weitzner emphasized that … Continue Reading

FTC Commissioner Brill Warns Enforcement Actions Coming for Mobile Apps

Speaking at the American Bar Association’s annual meeting in Toronto, Commissioner Brill informed the audience that “We will soon be seeing some enforcement actions on [mobile] apps.”  Commissioner Brill emphasized that Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices, applies to mobile applications and criticized many app developers for … Continue Reading
LexBlog