Tag Archives: Federal Trade Commission (FTC)

Report Suggests Organizations Still Vulnerable to Credential Management and Network Segmentation Attacks

The Multi-State Information Sharing and Analysis Center (MS-ISAC) published its 2016 mid-year review on August 22, 2016, highlighting large incidents of malware infections, with particular emphasis on ransomware and click fraud malware.  In contrast to the MS-ISAC report, however, an August 2016 report suggests most organizations would benefit from addressing issues of credential management and network segmentation.  The report is based on data collected over the course of 100 internal penetration tests (i.e., tests assuming one user on the network has already had their account compromised) on [...] Read more

FTC seeks public comment on Safeguards Rule and proposed changes

On August 29, 2016, the FTC announced it is seeking public comment on its Safeguards Rule as part of a systematic review of all FTC rules and guides. The Safeguards Rule came into force in 2003 after the Gramm-Leach-Bliley Act (GLBA) required that the FTC and other agencies establish administrative, technical, and physical information security standards for financial institutions. Of particular note is the FTC’s call for comments on whether it should reference or incorporate other standards, such as PCI-DSS or NIST standards, which may signal a shift from the FTC’s previous resistance toward [...] Read more

FTC Overrules LabMD Dismissal, Finds Unfair Data Security Practices

The FTC issued an Opinion and Final Order reversing the previously dismissed charges against LabMD on July 29.  FTC Administrative Law Judge (ALJ) D. Michael Chappell had dismissed the case against LabMD on November 13, 2015 based on an insufficient showing of harm, as required to find an act or practice unfair under § 5 of the FTC Act (15 U.S.C. § 45(n)).  In overturning the ALJ’s Initial Decision, the FTC clarified its view of the proper standard for unfairness under § 5.  The FTC further detailed specific security failings of LabMD and signaled the importance of timely and effective [...] Read more

FTC Approves Final Order Prohibiting Misrepresentation about Vipvape’s Participation in APEC Cross Border Privacy Program

On June 29, 2016, the Federal Trade Commission (FTC) announced it had approved a final order resolving the complaint against Vipvape, a manufacturer of hand-held vaporizers. The complaint alleged Vipvape misrepresented its practices on the website related to Vipvape’s participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system when, in fact, Vipvape was not certified to participate in the APEC CBPR system. In the Analysis of Proposed Consent Order to Aid Public Comment, the FTC explained that the APEC CBPR system is a voluntary, enforceable mechanism [...] Read more

InMobi to Pay $950,000 to Settle FTC Charges that it Secretly Tracked Phone Users

The Federal Trade Commission (“FTC”) announced that InMobi, a Singapore-based mobile advertising company whose products are used by many Android and iOS app makers to deliver advertisements to consumers, will pay $950,000 in civil penalties and implement a comprehensive privacy program to settle FTC charges for deceptively tracking the locations of hundreds of millions of consumers, including children, without their knowledge or consent to serve them geo-targeted advertising. The FTC alleges that InMobi represented that its advertising software would only collect consumers’ geo-location [...] Read more

Administration Seeks to Renegotiate Controversial Cybersecurity Export Control

The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.   The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in 1995. Each participating state is responsible for implementing export controls based on annually updated control lists of munitions and dual-use goods and technologies (i.e., having both commercial and [...] Read more

FTC Updates IdentityTheft.gov Website

The Federal Trade Commission (FTC) has announced updates to the IdentityTheft.gov website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...] Read more

Big Data: FTC Issues Report Cautioning that Use of Big Data may Violate Federal Consumer Protection Laws or Raise Ethical Considerations

On January 6, the FTC issued a report on the commercial use of big data, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, summarizing the results of a September 2014 workshop and numerous public comments, including a paper and workshop comments by Alston & Bird Senior Counsel Peter Swire.  The report addresses the commercial use of big data (as opposed to the collection, compilation, or analysis of such data) and cautions against uses that have the potential to be exclusionary, discriminatory or that may violate applicable consumer protection laws.  In its report, the [...] Read more

FTC and Wyndham Settle Data Security Allegations

On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between April 2008 and January 2010.  Wyndham initially challenged the FTC’s authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act’s unfairness prong which resulted in litigation [...] Read more

FTC and FCC Sign Consumer Protection MOU

Since 2014, the Federal Communications Commission (FCC) has engaged in an increasing number of privacy and data security enforcement actions.  The scope of the Commission’s jurisdiction over carriers has also dramatically increased – at least temporarily – following its recent net neutrality order, which reclassified  broadband Internet access service as a telecommunications service under Title II of the Communications Act of 1934.  As a result, the FCC has emerged as a new and potentially aggressive regulator in the consumer privacy and data security space, a role previously occupied [...] Read more