On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corp., Wyndham Hotel Group LLC, Wyndham Hotels and Resorts, LLC, and Wyndham Hotel Management, Inc. (“Wyndham”) had agreed to settle FTC charges that the company’s security practices unfairly exposed the payment card information of consumers to hackers in three separate data breaches between […]
Privacy & Cyber Regulatory Enforcement
FTC and FCC Sign Consumer Protection MOU
Since 2014, the Federal Communications Commission (FCC) has engaged in an increasing number of privacy and data security enforcement actions. The scope of the Commission’s jurisdiction over carriers has also dramatically increased – at least temporarily – following its recent net neutrality order, which reclassified broadband Internet access service as a telecommunications service under Title […]
FTC’s Ability to Regulate Data Security Potentially Limited in FTC v. LabMD
A November 13, 2015 decision from the Federal Trade Commission’s Chief Administrative Law Judge, D. Michael Chappell, calls into question FTC enforcement in the data privacy space. The case began when the FTC filed a complaint on August 28, 2013 after an employee of LabMD, a cancer detection laboratory, downloaded peer-to-peer (“P2P”) software that exposed patient […]
Updated Schrems ECJ / Safe Harbor Ruling FAQs
Alston & Bird has published an updated set of Frequently Asked Questions (FAQs) on the decision by the European Court of Justice holding that the U.S.-EU Safe Harbor Framework is invalid (also known as the Schrems decision). The FAQs are designed to help companies that rely on the Safe Harbor Framework understand the scope of the ECJ […]
A Busy Month for German Data Protection
The European Court of Justice handed down its Schrems decision invalidating the Safe Harbor mechanism on October 6, 2015. Since then, companies have been looking to the Data Protection Authorities (DPAs) of EU member states to see how the decision would be interpreted and enforced. As many companies know, Germany is a multifaceted data-protection landscape. […]