Federal Trade Commission (FTC)

The 2022 National Association of Attorneys General (NAAG) Presidential Summit, held last week in Des Moines, Iowa, signaled a clear partnership between state AGs, the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) to accomplish Iowa AG Tom Miller’s “fight back” presidential initiative: Consumer Protection 2.0: Tech Threats and Tools. Picking up from the 2021 kickoff of Miller’s NAAG initiative this past December, the NAAG Summit featured a variety of speakers from the federal, state, and private sectors, including, most notably, from the FTC and CFPB.Continue Reading Guardians of the Consumer: State AGs team up with FTC and CFPB to protect consumers online – Consumer Protection 2.0: Tech, Threats, and Tools

On March 15, 2022, the Federal Trade Commission (“FTC”) issued a proposed settlement with online custom merchandise platform CafePress in connection with the company’s alleged: (1) failure to implement reasonable security measures to secure consumers’ Personal Information; and (2) attempt to cover up a significant 2019 data breach. The proposed settlement would require CafePress to implement a comprehensive data security program and pay $500,000 in redress to victims of the data breaches. The FTC’s Complaint alleges that CafePress misrepresented its security practices and unfairly failed to implement reasonable security measures to protect the Personal Information of consumers and merchants stored on the company’s systems. Although similar in content to previous FTC orders, the current order addresses a myriad of unique provisions and provides a glimpse into the FTC’s future enforcement of cybersecurity issues.Continue Reading CafePress FTC settlement signals future approach to enforcement actions

In a world where we have been ordered to stay home and shelter in place to combat the spread of COVID-10 our children are now learning remotely. While it is fortunate that technology allows students to continue the school year at home, remote learning presents an obstacle where children’s privacy is concerned.

In the United States, the Children’s Online Privacy Protection Act (COPPA) governs the collection of personal information from children under the age of 13. It generally requires the provider of a website or online service directed at children to obtain “verifiable parental consent” before collecting any personal information from children. “Verifiable parental consent” can be obtained in a number of ways—for example, through a signed consent form that is returned via mail or electronic scan, or the use of a credit card or other online payment system that provides notification of each separate transaction to the account holder—but whatever method is used must be reasonably designed to ensure that the person giving the consent is the child’s parent or legal guardian.
Continue Reading Remember to consent in the time of COVID-19

The Federal Trade Commission continues its efforts to be the leading federal regulator in the areas of privacy and data security.  Its latest FinTech Forum highlights emerging issues relating to blockchain, machine learning, and related tools that increasingly influence how sensitive information about consumers is collected, used, shared and secured.  These programs help inform the

The Federal Trade Commission’s recent settlement with VIZIO, Inc., may have created a new definition of “sensitive information” that includes viewing data, but the opinion of Acting Chairperson Maureen Ohlhausen may provide further insight on how the agency will act under the new administration.

On February 6, the FTC settled charges with VIZIO, one of

On October 25, the Federal Trade Commission released “Data Breach Response: A Guide for Business,” its latest guidance on data privacy and security regulation. The Guide seeks to help businesses comprehend the Agency’s understanding of both legal requirements and best practices, although what is legally required versus what is encouraged continues to be challenging for many companies to identify in these pronouncements.

Although the Guide is not a regulation, the Commission has historically used such guidance to help signal where its enforcement efforts might focus as it evaluates companies’ conduct. The introduction suggests that the FTC considers following its advice to be at least one way to “make smart, sound decisions.”

The Guide outlines tasks for companies affected by a breach:

  • Secure Your Operation
  • Fix Vulnerabilities
  • Notify Appropriate Parties

Continue Reading FTC’s New Guidelines Provide Agency View on Data Breach Response

This post was also written by Frederick H. Lah.

Last week, the U.S. District Court approved the $22.5 million civil penalty against Google for violating a consent order. Yesterday, FTC Director of the Bureau of Consumer Protection David Vladeck released a statement about the Court’s approval, calling the consent order “a clear victory for consumers

This post was also written by Amy S. Mushahwar.

In last week’s all-day Robocall Summit at the Federal Trade Commission (“FTC”), representatives of the FTC and the Federal Communications Commission (“FCC”), and the Indiana Attorney General, repeatedly referenced their frustration in the face of a constantly multiplying number of consumer complaints regarding unwanted robocalls and

This post was also written by Amy S. Mushahwar.

On Tuesday, the Federal Trade Commission (FTC) finalized its Consent Order with MySpace, settling allegations that MySpace misrepresented its data use and sharing practices, and its compliance with the U.S.-EU Safe Harbor Framework in its privacy policy. In a 4-0-1 decision, with Commissioner Maureen Ohlhausen