Last week, Australia’s parliament passed a controversial act that will enable law enforcement and intelligence agencies to compel access to encrypted communications. In an explanatory memorandum, the Australian Parliament stated that the new act, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, is intended to combat “the challenges posed by ubiquitous encryption.” … Continue Reading
According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining consent under the EU General Data Protection Regulation (GDPR) and allowing its readers to switch off tracking and cookies. Article 6(1) of … Continue Reading
As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the EU-U.S. Privacy Shield Framework is underway, and the FTC has announced several new enforcement actions, which … Continue Reading
The U.S. Securities and Exchange Commission (SEC) recently announced a consent order settling an enforcement action brought by the SEC against Voya Financial Advisors Inc. (VFA) in connection with a data security incident that occurred in 2016. VFA is a registered broker-dealer and investment adviser with the SEC. The order memorializes the SEC’s agreement to … Continue Reading
Liftopia, an e-commerce platform that enables ski resorts to sell advance-purchase tickets online, was cited in a recent decision by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for failing to provide consumers with sufficient notice and choice relating to the collection of data for targeted ads and the serving of interest-based advertising … Continue Reading
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading
On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading
On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading
Uber, the ride-hailing giant, agreed this week to implement a comprehensive privacy program and to undergo 20 years of privacy and data security audits in order to settle allegations by the Federal Trade Commission (FTC) that Uber did not keep its promises to protect customer data. The FTC had alleged two separate failures by Uber: … Continue Reading
Has your company or client been served with a Civil Investigative Demand (CID)? Overwhelmed? Don’t despair – the future may be brighter, as the Federal Trade Commission (FTC) is now offering more clarity regarding its CID document requests process. On July 17, 2017 FTC Acting Chairman Maureen K. Ohlhausen issued a new internal process reform … Continue Reading
Effective January 1, 2018, Oregon will join Pennsylvania and Nebraska in expanding its definition of deceptive trade practices to explicitly include a material misstatement regarding the use of personal information. House Bill 2090 applies to statements “publishe[d] on a website … or in a consumer agreement related to a consumer transaction.” Like the other states’ … Continue Reading
Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016. Similar to its predecessors, the new Nevada … Continue Reading
As noted in the 2017 BakerHostetler Data Security Incident Response Report, the enactment of the EU General Data Protection Regulation (GDPR) represents the most significant change in European data protection law in more than 20 years. Coming into effect on May 25, 2018, the GDPR focuses on a number of core data protection principles and … Continue Reading
Your company had a data security event. After an investigation, it was determined that notifications were required, and the incident was made public as a result. Notification letters were mailed and regulators were notified, all in accordance with the law. Your company also enhanced security measures and took other remedial action, so there is nothing … Continue Reading
On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading
On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated … Continue Reading
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of its products and engaged in unfair practices that put U.S. consumers’ privacy at risk. The case is noteworthy for … Continue Reading
With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services Companies (the “Proposal”). As we previously reported, the NYDFS first announced the proposed regulations in September; at that time, they were … Continue Reading
On December 20, 2016, the Federal Trade Commission (FTC) announced that Turn Inc. agreed to settle charges that it misled consumers about its online tracking activities and failed to honor consumer opt-outs as described in its privacy policy. Background Turn is a digital advertising company that facilitates targeted marketing by commercial brands and ad agencies … Continue Reading
Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers (ISPs) (also known by the Commission as broadband internet access service (BIAS) providers). We previously wrote about the Commission’s initial proposal in this regard (available … Continue Reading
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading
On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading