Archives: Enforcement

Subscribe to Enforcement RSS Feed

Controversial Australian Encryption Act Denounced by Privacy and Cryptography Advocates

Brian P. BartishBy Brian P. Bartish on Posted in Enforcement, International Privacy Law
Last week, Australia’s parliament passed a controversial act that will enable law enforcement and intelligence agencies to compel access to encrypted communications. In an explanatory memorandum, the Australian Parliament stated that the new act, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, is intended to combat “the challenges posed by ubiquitous encryption.” … Continue Reading

Cookies and Consent Under the EU GDPR

David M. BrownBy David M. Brown on Posted in Enforcement, GDPR, Online Privacy
According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining consent under the EU General Data Protection Regulation (GDPR) and allowing its readers to switch off tracking and cookies. Article 6(1) of … Continue Reading

EU-U.S. Privacy Shield Framework Joint Annual Review 2.0

David M. BrownBy David M. Brown on Posted in Enforcement, International Privacy Law
As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the EU-U.S. Privacy Shield Framework is underway, and the FTC has announced several new enforcement actions, which … Continue Reading

Broker-Dealer and Investment Adviser Agrees to Settle SEC Enforcement Action Arising From a Data Security Incident

Will R. DaughertyJohn BuschBy Will R. Daugherty and John Busch on Posted in Enforcement, Incident Response
The U.S. Securities and Exchange Commission (SEC) recently announced a consent order settling an enforcement action brought by the SEC against Voya Financial Advisors Inc. (VFA) in connection with a data security incident that occurred in 2016. VFA is a registered broker-dealer and investment adviser with the SEC. The order memorializes the SEC’s agreement to … Continue Reading

Online Merchant Cited for Inadequate Interest-Based Advertising Disclosures

Alan L. FrielKyle FathBy Alan L. Friel and Kyle Fath on Posted in Advertising, Enforcement
Liftopia, an e-commerce platform that enables ski resorts to sell advance-purchase tickets online, was cited in a recent decision by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for failing to provide consumers with sufficient notice and choice relating to the collection of data for targeted ads and the serving of interest-based advertising … Continue Reading

Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017

John BuschBy John Busch on Posted in Cybersecurity, Enforcement, News
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed … Continue Reading

Clock Ticking, European Commission Launches GDPR Implementation Guidance Website

Melinda L. McLellanAaron LancasterBy Melinda L. McLellan and Aaron Lancaster on Posted in Enforcement, International Privacy Law
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading

From the Mouths of Babes: FTC Issues COPPA Enforcement Policy Regarding Voice Recordings

Carolina AlonsoAlan L. FrielMelinda L. McLellanBy Carolina Alonso, Alan L. Friel and Melinda L. McLellan on Posted in Children’s Privacy, Enforcement, Internet of Things, Online Privacy
On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading

Privacy Shield Update: Ahead of First Joint Review, Europeans Remain Skeptical as FTC Announces Enforcement Actions

Melinda L. McLellanEmily R. FedelesBy Melinda L. McLellan and Emily R. Fedeles on Posted in Enforcement, International Privacy Law
On September 8, 2017, the Federal Trade Commission (FTC) announced enforcement actions against three companies alleged to have falsely claimed participation in the EU-U.S. Privacy Shield Framework. The move follows several months of uncertainty surrounding the Framework’s future as EU officials and privacy advocates have questioned its efficacy and validity in the run-up to the … Continue Reading

Uber Settles With FTC Over Allegedly Deceptive Privacy And Data Security Practices

Laura E. JehlBy Laura E. Jehl on Posted in Cybersecurity, Enforcement
Uber, the ride-hailing giant, agreed this week to implement a comprehensive privacy program and to undergo 20 years of privacy and data security audits in order to settle allegations by the Federal Trade Commission (FTC) that Uber did not keep its promises to protect customer data. The FTC had alleged two separate failures by Uber: … Continue Reading

FTC Announces Internal Process Reforms in Connection with Civil Investigative Demands

May Tal GongolevskyBy May Tal Gongolevsky and Csilla Boga-Lofaro on Posted in Enforcement
Has your company or client been served with a Civil Investigative Demand (CID)? Overwhelmed? Don’t despair – the future may be brighter, as the Federal Trade Commission (FTC) is now offering more clarity regarding its CID document requests process. On July 17, 2017 FTC Acting Chairman Maureen K. Ohlhausen issued a new internal process reform … Continue Reading

Oregon Expands Deceptive Trade Practices Act to Include Misrepresentations About PI Usage

David KitchenAlan L. FrielBy David Kitchen and Alan L. Friel on Posted in Enforcement, State Legislation
Effective January 1, 2018, Oregon will join Pennsylvania and Nebraska in expanding its definition of deceptive trade practices to explicitly include a material misstatement regarding the use of personal information. House Bill 2090 applies to statements “publishe[d] on a website … or in a consumer agreement related to a consumer transaction.” Like the other states’ … Continue Reading

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

David KitchenAlan L. FrielMelinda L. McLellanBy David Kitchen, Alan L. Friel and Melinda L. McLellan on Posted in Enforcement, Online Privacy, State Legislation
Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016.  Similar to its predecessors, the new Nevada … Continue Reading

Deeper Dive: Security Incident Notification Under the New EU General Data Protection Regulation (GDPR)

Melinda L. McLellanJames A. ShererEmily R. FedelesBy Melinda L. McLellan, James A. Sherer and Emily R. Fedeles on Posted in Cybersecurity, Data Breaches, Enforcement, International Privacy Law
As noted in the 2017 BakerHostetler Data Security Incident Response Report, the enactment of the EU General Data Protection Regulation (GDPR) represents the most significant change in European data protection law in more than 20 years. Coming into effect on May 25, 2018, the GDPR focuses on a number of core data protection principles and … Continue Reading

Deeper Dive: Be Prepared for Regulatory Investigations in the Wake of a Security Incident

Eric A. PackelBy Eric A. Packel on Posted in Cybersecurity, Enforcement
Your company had a data security event. After an investigation, it was determined that notifications were required, and the incident was made public as a result. Notification letters were mailed and regulators were notified, all in accordance with the law. Your company also enhanced security measures and took other remedial action, so there is nothing … Continue Reading

FTC Nets $500,000 Settlement for Alleged Consent Order Violation Related to Online Data Collection Practices

Melinda L. McLellanBy Melinda L. McLellan and Kathryn Mellinger on Posted in Big Data, Enforcement, Online Privacy
On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading

FTC’s $2.2m Smart TV Settlement Signals Continued IoT Enforcement Focus

Alan L. FrielMelinda L. McLellanBy Alan L. Friel and Melinda L. McLellan on Posted in Behavioral Advertising, Big Data, Enforcement, Information Security, Internet of Things, Marketing, Online Privacy
On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

Melinda L. McLellanJonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy, Information Security
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated … Continue Reading

FTC Goes After IoT Device Manufacturer for Alleged Security Vulnerabilities in Routers, IP Cameras

Melinda L. McLellanBy Melinda L. McLellan and Kathryn Mellinger on Posted in Enforcement, Internet of Things
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of its products and engaged in unfair practices that put U.S. consumers’ privacy at risk. The case is noteworthy for … Continue Reading

New York Department of Financial Services Issues Revised Cybersecurity Regulations

Melinda L. McLellanJonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy
With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services Companies (the “Proposal”). As we previously reported, the NYDFS first announced the proposed regulations in September; at that time, they were … Continue Reading

FTC Settles with Ad Tech Company Over Deceptive Online Tracking Practices

Melinda L. McLellanRobyn M. FeldsteinBy Melinda L. McLellan and Robyn M. Feldstein on Posted in Behavioral Advertising, Enforcement, Marketing, Mobile Privacy, Online Privacy
On December 20, 2016, the Federal Trade Commission (FTC) announced that Turn Inc. agreed to settle charges that it misled consumers about its online tracking activities and failed to honor consumer opt-outs as described in its privacy policy. Background Turn is a digital advertising company that facilitates targeted marketing by commercial brands and ad agencies … Continue Reading

FCC Wades Back Into Data Privacy and Security for ISPs With Revised Privacy Proposal

Alan L. FrielBy Alan L. Friel and Suchismita Pahi on Posted in Cybersecurity, Enforcement
Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers (ISPs) (also known by the Commission as broadband internet access service (BIAS) providers). We previously wrote about the Commission’s initial proposal in this regard (available … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

David M. BrownBy David M. Brown on Posted in Cybersecurity, Data Breaches, Enforcement, Online Privacy, Retail Industry
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

Will R. DaughertyDavid M. BrownBy Will R. Daugherty and David M. Brown on Posted in Cybersecurity, Enforcement, Medical Privacy, Online Privacy
On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading
LexBlog