RSS Print Email

Federal Trade Commission (FTC)

FTC Invites Public Comments on Mobile Security

On April 17, 2014, the Federal Trade Commission (“FTC”) issued a press release, announcing that the FTC is seeking public comments to explore mobile security issues. The press release refers to the mobile security forum held last year to examine the state of mobile security (the “Forum”). In the press release, the FTC invites comments from the public to expand on a number of complex issues discussed at the Forum with an eye towards a report.

Read More

District Court Denies Wyndham Motion to Dismiss and Supports FTC's Authority in Data Breach Cases

In Federal Trade Commission v. Wyndham Worldwide Corp., et al., No. 13-cv-01887-ES-JAD (D.N.J. Apr. 7, 2014), Judge Esther Salas of the U.S. District Court for the District of New Jersey denied Wyndham’s request for dismissal of the FTC’s lawsuit against the hotel resort chain as a result of getting hacked.* Wyndham had challenged the FTC’s power to assert an unfairness claim under Section 5 of the FTC Act. Although the Court’s ruling focused solely on the FTC’s authority to bring the lawsuit, and offered no opinion on the underlying merits of the allegations, the ruling could have broad ramifications on the FTC’s ability to pursue companies for unfair and deceptive trade practices when a data breach occurs.

Read More

LabMD’s Federal Court Actions Against the FTC Dismissed

LabMD is back in the news. This time, however, it’s not the FTC’s administrative action against LabMD that’s making headlines. (For information about the administrative action, please see our prior posts here and here.) Instead, LabMD’s federal court actions against the FTC – one in the United States Court of Appeals for the Eleventh Circuit and one in United States District Court for the District of Columbia – are now making news. Both have recently been dismissed. This means that, at least for now, the FTC’s administrative action will likely settle the parties’ disputes.

Read More

FTC Denies LabMD’s Motion to Dismiss

February 20, 2014 | Posted by Paula Stannard, Zach Neal, & Claire Readhead | Topic(s): Federal Trade Commission (FTC), Enforcement, Data Security

The FTC – in a decision that should surprise no one – refused to dismiss its administrative complaint (“Complaint”) against LabMD. This case – like the FTC’s case against Wyndham Worldwide – illustrates the continuing fight regarding the scope of the FTC’s power for regulate inadequate data security practices. In particular, this decision is important because it further explains the FTC’s rationale for regulating allegedly inadequate data security practices pursuant to its “unfair” acts or practices authority in Section 5 of the FTC Act. The decision also sets forth the FTC’s view as to why its Section 5 authority permits it to regulate and enforce data security when other statutes – such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) administrative simplification provisions addressing the privacy and security of health information – already regulate data security in a particular area. Because the FTC increasingly uses this Section 5 authority to regulate what it views as inadequate data security practices, businesses of any size which deal with data security – essentially all businesses to some degree – should closely review this decision. The bottom line: Unless the courts or Congress limit the FTC’s power in this context, the FTC is likely to expand the exercise of its Section 5 “unfair” acts or practices authority to regulate allegedly “unfair” data security practices by means of case-by-case enforcement actions – without issuing regulations or guidance to inform businesses and industries of the data security standards they must meet to comply with the FTC Act.

Read More

FTC Settles With Children’s Entertainment Company Over Safe Harbor Lapse

February 11, 2014 – The FTC today announced a proposed settlement with Fantage.com Inc., a children’s online entertainment company that allegedly misrepresented its adherence to the U.S.-European Union Safe Harbor Framework (the “Framework”).

Read More

Kim Peretti Quoted in Washington Post Article “Target Security Breach: Eric Holder Vows to Find Hackers”

February 5, 2014 | Posted by Privacy & Data Security Team | Topic(s): Federal Trade Commission (FTC), Security Breach, Privacy, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in the Washington Post article “Target Security Breach: Eric Holder Vows to Find Hackers.” Attorney General Eric Holder confirmed that his agency is investigating the holiday heist on Target, which exposed weaknesses in the nation’s credit card system. As a result of the breach, the FTC was urged to launch an investigation into Target’s security practices. According to the article, the FTC can “bring an enforcement action against any company that fails to safeguard their customers’ personal information.”

Peretti stated that “most cases result in consent orders that force the company to establish tighter controls and subject it to routine audits.” “It’s been relatively common that companies that disclose consumer data breaches face inquiries by either the FTC or state attorneys general,” she said. “They are very active in that space and have been increasingly active in that space.”

To read the complete article, please click here.

Posted by Privacy and Data Security Team | Alston & Bird LLP

Senator Leahy Reintroduces “Personal Data Privacy and Security Act”: Federal Data Breach Notification Law Includes Criminal Penalties for Failure to Notify

On January 8, 2014, Senator Leahy (D-VT) reintroduced the “Personal Data Privacy and Security Act” (S. 1897) in an effort to both enhance criminal penalties for computer hacking, and create a tough Federal data breach notification statute. The bill was originally cosponsored (at the time of its introduction) by Senators Chuck Schumer (D-NY), Al Franken (D-MN) and Richard Blumenthal (D-CT), and has since been cosponsored by Senator Robert Menendez (D-NJ). The bill has been referred to the Senate Judiciary Committee for consideration, and the committee is expected to hold a hearing on data security breach issues within the coming weeks.

Read More

Apple Agrees to Settle FTC Complaint Regarding In-App Purchases

January 15, 2014 - The Federal Trade Commission today announced that Apple has entered a settlement agreement containing a consent order to settle the FTC’s complaint alleging that the company billed consumers for charges incurred by children in kids’ mobile apps without their parents’ consent. Under the agreement, Apple will refund at least $32.5 million to customers whose children made in-app purchases without adequate parental consent.

Read More

White House Cybersecurity Coordinator to Deliver Keynote at Law & Policy In-House Summit in Washington, D.C.

The Global Law Forum will host The Cybersecurity Law & Policy In-House Summit in Washington D.C. on January 14 and 15, 2014. The Summit will showcase panel discussions addressing a myriad of issues relevant to corporate counsel including establishing data breach response plans, understanding the cybersecurity insurance market, achieving Board of Directors and company buy-in on cybersecurity measures, as well as preparing for the upcoming final NIST Cybersecurity Framework and its potential to establish a new standard of care for liability. Special Assistant to President Obama and U.S. Cybersecurity Coordinator J. Michael Daniel will deliver the Keynote address and provide an overview of the White House’s 2014 cybersecurity agenda. Registration for the event is open and accessible here. Alston & Bird is a Knowledge Partner for the event.

Read More

FTC Denies LabMD’s Motions to Stay Pending Administrative Action

December 18, 2013 | Posted by Zachary Neal | Topic(s): Federal Trade Commission (FTC), Enforcement, Data Security

In the ongoing Federal Trade Commission (“FTC”) proceeding against LabMD, Inc. (“Lab MD”), the FTC recently denied LabMD’s attempts to stay the proceeding pending the outcome of the company’s separate requests for injunctive relief pending before the U.S. District Court for the District of Columbia and petition for review before the U.S. Court of Appeals for the Eleventh Circuit. The FTC reasoned that those courts lacked the authority to review the proceedings because there is no final ruling. This decision provides a good reminder that once the FTC’s administrative process has begun, it will likely be difficult to short-circuit that process through judicial review.

Read More

House Energy and Commerce Subcommittee Holds Hearing on “The FTC at 100: Where Do We Go From Here?”

December 17, 2013 | Posted by Paul Martino & Claire Lucy Readhead | Topic(s): Online Privacy, Federal Trade Commission (FTC), Privacy, Hearing, House of Representatives

On December 3, 2013, the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade (CMT) held a hearing entitled “The FTC at 100: Where Do We Go From Here?” CMT Subcommittee Chairman Lee Terry (R-NE) chaired the hearing. At the hearing, Federal Trade Commission (FTC) Chairwoman Edith Ramirez and Commissioners Julie Brill, Maureen Ohlhausen, and Joshua Wright testified and presented the Prepared Statement of the Federal Trade Commission.

Read More

FTC Chairwoman Reiterates Support for National Data Breach Law with FTC Enforcement Powers

December 16, 2013 | Posted by Louis Dennig | Topic(s): Federal Trade Commission (FTC), Legislation, Enforcement, Cybersecurity, Data Breach, Regulatory Enforcement

At the National Consumers League Conference on identity theft, held on December 12, 2013 in Washington, D.C., Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez pushed for a federal data breach law featuring the FTC as the “enforcer.” Chairwoman Ramirez engaged in a keynote discussion with former FTC Chairwoman Deborah Platt Majoras and made her position clear that a federal data breach notification law that complements existing state laws would benefit consumers. The keynote can be viewed in its entirety here (the discussion related to a national data breach notification law begins at 21:35).

Read More

FTC Settles with Flashlight App Developer Over Charges It Transmitted Geolocation Data Without Consumers' Knowledge

The creator of the popular “Brightest Flashlight Free” Android app has agreed to settle with the Federal Trade Commission (“FTC”) over charges that the app deceived consumers regarding the collection of geolocation information that was shared with third parties.

Read More

A+B Privacy Litigation Partner Dominique Shelton Quoted by BNA Bloomberg "Privacy Law Watch"

October 11, 2013 | Posted by Privacy & Data Security Team | Topic(s): Online Privacy, Federal Trade Commission (FTC), US State Law, Data Security, Privacy, Mobile Privacy, Regulation

Several comments made by Dominique Shelton, a partner in the firm’s Litigation & Trial Practice Group, as part of the International Association of Privacy Professionals Privacy Academy in Bellevue, Washington, were included in a BNA Bloomberg Privacy Law Watch article discussing the conference panelists’ discussion on achieving mobile privacy compliance goals.

Read More

FTC Updates Advertising Disclosure Guidelines to Address Online and Mobile Environment

The FTC recently released an update to its 2000 report, “Dot Com Disclosures” offering further guidance on effective disclosures for advertising in digital media.

The FTC instructed advertisers to adopt the perspective of a reasonable consumer, and should assume consumers do not read the entire website or screen, just as they don’t read every word on a printed page. Under the new guidance, the required disclosures need to be clear and conspicuous across all devices and platforms. The following is a highlight of some of the guidance provided in the comprehensive report.

Read More

12