On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading
On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading
On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of its products and engaged in unfair practices that put U.S. consumers’ privacy at risk. The case is noteworthy for … Continue Reading
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading
On January 15, 2015, New York Attorney General Eric Schneiderman indicated that he plans to propose legislation to update New York’s information security laws, including by revising the definition of “private information” under the state’s data security breach notification statute. Schneiderman’s proposal comes on the heels of President Obama’s January 13, 2015, unveiling of measures … Continue Reading
Authorship Credit: Tina Amin China’s top legislature, the Standing Committee of the National People’s Congress, closed out 2012 with the approval of rules to enhance the protection of online personal information. The “Decision of the Standing Committee of the National People’s Congress to Strengthen the Protection of Internet Data” (“Decision”), which took effect upon … Continue Reading
Technology advances often help consumers do things quicker or easier. For regulators and law enforcers, such advances often present challenges in keeping laws and regulations up to date. The latest example is amendments announced by the Federal Trade Commission (“FTC”) on December 19, 2012, to update its Children’s Online Privacy Protection Act (“COPPA”) Rule, which … Continue Reading
Earlier this week, Maureen Olhausen, the Federal Trade Commission’s newest commissioner, shared her perspective on “The Federal Role in Privacy: Getting It Right” in a discussion at the Hudson Institute, a conservative-leaning think tank in Washington, DC. Her straightforward comments indicated she intends to take a cautious and holistic approach toward any expansion of the … Continue Reading
It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used … Continue Reading
Authorship Credit: Dave Taylor, Director, Information Technology, Baker & Hostetler LLP We are seeing a dramatic increase in spam and email phishing schemes once again. These schemes have become very sophisticated in their ability to mimic the multitudes of legitimate on-line transactions that occur every day. Please consider the following when reading and reacting to … Continue Reading
The Attorney General of California (“AG”) released a Joint Statement of Principles (“Joint Statement“) among itself and Amazon.com Inc., Apple Inc., Google Inc., Hewlett-Packard Company, Research In Motion Limited and other companies (collectively the “Mobile App Market Companies”) describing the terms of a settlement relating to the AG’s review of mobile application marketplace privacy protections. The … Continue Reading
The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high profile data breaches. Reports about location based tracking led to the introduction of geolocation privacy and surveillance bills. Proposed amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also made. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Even though Congress held hearings on privacy issues, subcommittees approved several bills, and there was support from the Obama administration for comprehensive privacy legislation, as many expected, however, none of these bills were enacted when the first session of the 112th Congress adjourned December 18.
The safe prediction for 2012 is more of the same--a lot of proposals but no consensus. It is certainly possible that another high profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hactivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012. We may also see narrower bills aimed at online and location based tracking as well as Children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention.
Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year.… Continue Reading
Facebook and the FTC announced an agreement on November 29, 2011, ending the FTC’s 18-month investigation into Facebook’s user privacy practices. By adding Facebook to the list of major social media entities subject to an FTC consent order—a list that includes Google and Twitter—the FTC has loudly signaled its leading role in regulating the online … Continue Reading