US Federal Trade Commission settles with Lenovo on charges that it preinstalled software that compromised online security and the privacy of users

September 6, 2017

The Federal Trade Commission announced a settlement between it, 32 State Attorneys General and Lenovo relating to a complaint that it harmed consumers privacy and compromised data security with preloaded man in the middle software onto some of its laptops.  The software, described as VisualDiscovery, delivered ads to the lap top owners but in doing so compromised security protections.

This is a huge settlement which deals with Read the rest of this entry »

Uber settles Federal Trade Commission complaint that it engaged in deceptive claims about privacy and data security protections

August 17, 2017

The Federal Trade Commission (“FTC”) has entered into a agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfill its claims that it monitored employee access to consumer and driver data.

As the media release and the complaint makes clear Uber did what many organisations with a poor privacy and data security culture did, put Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Federal Trade Commission takes action against data broking

December 2, 2016

The purchase of data in the United States is longstanding and has given rise to a data broking industry.  Under the Privacy Act such Read the rest of this entry »

The US Federal Trade Commission takes action against ASUS regarding misleading statements about data security

August 3, 2016

The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security.  The terms of the settlement are onerous.  As they should be.  It would be Read the rest of this entry »

InMobi agrees to pay $950,000 for tracking millions of consumer locations without permission

June 24, 2016

The Federal Trade Commission (“FTC”) brought a complaint against InMobi for tracking hundreds of millions of its consumers locations without permission. InMobi represented that it would only track consumers’ locations when they opted in for that function.  In fact the tracking device operated whether there was consent or not.  Worse, the tracking device operated when there was a specific denial of Read the rest of this entry »

Federal Trade Commission takes issue with misleading claims about encryption protection in software

January 7, 2016

Never let it be said that the Federal Trade Commission (“FTC”) doesn’t have a sense of humour.  When it took issue with a Henry Shein Practice Solutions Inc’s claim that its software encrypted dental patients’ data its press release was FTC takes on toothless encryption claims for dental practice software.  Nice.

What is more of a worry is Read the rest of this entry »

Federal Trade Commission settles with Wyndham Worldwide over security breaches

December 10, 2015

I posted August 2015 (found here) on the significant win by the Federal Trade Commission (“FTC”) in the Court of Appeal on its powers to enforce data security in Federal Trade Commission v Wyndham Worldwide Corporation & ors.  The result was a milestone Read the rest of this entry »

Federal Trade Commission v Wyndom; the FTC has significant win in the US Court of Appeal regarding privacy regulation

August 27, 2015

When, or even if, the Privacy Commissioner exercises his powers under the Privacy Act in relation to poor privacy policies and standards it could do worse than consider some of the US Federal Trade Commission (the “FTC”) litigation as well as ACCC cases. That would require the Privacy Commissioner to do that which he has steadfastly refused or failed to do to date.

The FTC has had a very significant win in the US Court of Appeals for the Third Circuit in Federal Trade Commission v Wyndom Worldwide Corporation & ors.  The Court of Appeal has Read the rest of this entry »

Federal Trade Commission finalises order against GMR Transcription Services for weak privacy protections

August 22, 2014

While those in the privacy sphere in Australia watch and wait to see how the Privacy Commissioner will excercise his newly acquired (since 12 March 2014) powers of enforcement under the Privacy Act 1988 the Federal Trade Commission (“FTC”) moves apace in taking to task those engaging in privacy intrusive conduct (via claims that the miscreants misrepresented that they protected their customers privacy).  After announcing orders against Credit Karma and Fandango earlier this week (and posted here) the FTC approves final orders against GMR Transcription Services whose security practices were so deficicent as to expose personal information of thousands of consumers on line, some of which were medical histories adn examination notes.  The settlement was first announced on 31 January 2014.   The period of the settlement order is 20 years.  Onerous by any measure but given the nature of the breach reasonable, particularly as the FTC has no power to fine GMR.  In the UK the Information Commissioner may have been able to impose a monetary penalty. In the last 3 – 4 years the FTC has proven to be quite a vigorous regulator using the limited powers available to it in privacy regulation.  It has also been active in calling for greater privacy controls through appearances before Congressional Committees.

In Australia the Privacy Commissioner may Read the rest of this entry »