Tag Archives: Federal Trade Commission (FTC)

Administration Seeks to Renegotiate Controversial Cybersecurity Export Control

Written by and
The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.   The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in 1995. Each participating state is responsible for implementing export controls based on annually updated control lists of munitions and dual-use goods and technologies (i.e., having both commercial and [...] Read more

FTC Updates IdentityTheft.gov Website

Written by
The Federal Trade Commission (FTC) has announced updates to the IdentityTheft.gov website aimed at making the site more useful to victims of identity theft. The changes will enable consumers to quickly file complaints and develop a personalized recovery plan after answering a number of questions on the site. “Our hope is that this is going to make it much easier for consumers to start on their road to recovery,” FTC Chairwoman Edith Ramirez said during a news conference revealing the changes. “Having one easy set of steps to understand what [the recovery process] entails and getting a [...] Read more

Big Data: FTC Issues Report Cautioning that Use of Big Data may Violate Federal Consumer Protection Laws or Raise Ethical Considerations

Written by
On January 6, the FTC issued a report on the commercial use of big data, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, summarizing the results of a September 2014 workshop and numerous public comments, including a paper and workshop comments by Alston & Bird Senior Counsel Peter Swire.  The report addresses the commercial use of big data (as opposed to the collection, compilation, or analysis of such data) and cautions against uses that have the potential to be exclusionary, discriminatory or that may violate applicable consumer protection laws.  In its report, the [...] Read more

FTC and Wyndham Settle Data Security Allegations

Written by
On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between April 2008 and January 2010.  Wyndham initially challenged the FTC’s authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act’s unfairness prong which resulted in litigation [...] Read more

FTC and FCC Sign Consumer Protection MOU

Written by
Since 2014, the Federal Communications Commission (FCC) has engaged in an increasing number of privacy and data security enforcement actions.  The scope of the Commission’s jurisdiction over carriers has also dramatically increased – at least temporarily – following its recent net neutrality order, which reclassified  broadband Internet access service as a telecommunications service under Title II of the Communications Act of 1934.  As a result, the FCC has emerged as a new and potentially aggressive regulator in the consumer privacy and data security space, a role previously occupied [...] Read more

FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD

Written by and
A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space.  The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient information on the file sharing network (also known as “1718 File”). An online security firm named Tiversa found this file on a peer-to-peer file-sharing network in 2008 and used it to solicit work protecting LabMD’s data. The [...] Read more

Commission Underlines Commitment to Safe Harbor Discussions

Written by
In a keynote speech today before the 37th International conference of Privacy and Data Protection Commissioners in Amsterdam,  EU Justice Commissioner Vera Jourová reiterated the commitment of the European Commission to completing discussions with the United States on a replacement framework for the U.S.-EU Safe Habor. Commissioner Jourová noted that, in the wake of the European Court of Justice’s October 6, 2015 judgment in the Schrems case (C-362-14), the Commission had stepped up discussions with the United States at the political level as well as the technical level.  There is now [...] Read more

Third Circuit Affirms FTC’s Authority to Regulate Data Security

Written by
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here and here).  In this highly anticipated precedential opinion, the Court decided that Wyndham’s cybersecurity practices as alleged by the FTC fit the definition of “unfair” when compared with its stated security policies.  In doing so, the Court rejected Wyndham’s [...] Read more

FTC Releases New Data Security Guidance for Businesses, Announces Conference Series

Written by
The Federal Trade Commission has released new guidance, called “Start with Security,” intended to assist businesses to improve their data security practices based on lessons learned from its 53 data security cases to date.  Issued on June 30, 2015, the guidance “distill[s] the facts of those cases down to their essence” in ten “lessons to learn that touch on vulnerabilities that could affect your company.” The ten lessons are as follows: Start with security.  The FTC advises businesses to factor security into its business processes from the beginning.  It also reminds businesses [...] Read more

RadioShack Agrees to Significant Limitations in Sale of Customer Data Following Pressure from State Regulators and the FTC

Written by
In what may become viewed as the de facto standard for selling customer information in bankruptcies, a Delaware bankruptcy court approved, on May 20, 2015, a multi-party agreement that would substantially limit RadioShack’s ability to sell 117 million customer records. The agreement was entered into by RadioShack Corp., General Wireless Inc., and 17 state attorney generals as part of the former’s ongoing bankruptcy proceeding. Despite its original intention to sell all of its customer records, RadioShack entered into the agreement in response to filings made by 36 state attorney generals [...] Read more