Federal Trade Commission settles with mobile device retailer for misleading and deceptive conduct about its privacy policies and data security.

May 7, 2018

The Federal Trade Commissioner announced that it had settled with BLU Products arising from a complaint that it had deceived its customers regarding its privacy policies and data security practices.

Under the decision BLU and any business that it controls will need to Read the rest of this entry »

FTC revisits consent agreement with Uber after discovering Uber concealed other data breaches

April 17, 2018

In August 2017 Uber entered into a consent agreement with the US Federal Trade Commission (FTC) arising out of a data breach in May 2014 which revealed Uber’s unreasonable security practices.  I did a post on this settlement in August here. Settlements with the FTC can be onerous, unlike the limp enforceable undertakings in Australia, but better than being the subject of litigation.  Unfortunately Uber knew in 2016 that it had suffered a data breach in 2016 from lax security associated with third party cloud services, while the FTC was investigating the 2014 breach, but did not disclose it to the FTC.  In fact it deliberately covered it up and attempted to pay off the hackers (see my post in November 2017). A classic case of the cover up causing more problems than the breach for the organisation.

The FTC described it Read the rest of this entry »

US Federal Trade Commission settles with Lenovo on charges that it preinstalled software that compromised online security and the privacy of users

September 6, 2017

The Federal Trade Commission announced a settlement between it, 32 State Attorneys General and Lenovo relating to a complaint that it harmed consumers privacy and compromised data security with preloaded man in the middle software onto some of its laptops.  The software, described as VisualDiscovery, delivered ads to the lap top owners but in doing so compromised security protections.

This is a huge settlement which deals with Read the rest of this entry »

Uber settles Federal Trade Commission complaint that it engaged in deceptive claims about privacy and data security protections

August 17, 2017

The Federal Trade Commission (“FTC”) has entered into a agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfill its claims that it monitored employee access to consumer and driver data.

As the media release and the complaint makes clear Uber did what many organisations with a poor privacy and data security culture did, put Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Federal Trade Commission takes action against data broking

December 2, 2016

The purchase of data in the United States is longstanding and has given rise to a data broking industry.  Under the Privacy Act such Read the rest of this entry »

The US Federal Trade Commission takes action against ASUS regarding misleading statements about data security

August 3, 2016

The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security.  The terms of the settlement are onerous.  As they should be.  It would be Read the rest of this entry »

InMobi agrees to pay $950,000 for tracking millions of consumer locations without permission

June 24, 2016

The Federal Trade Commission (“FTC”) brought a complaint against InMobi for tracking hundreds of millions of its consumers locations without permission. InMobi represented that it would only track consumers’ locations when they opted in for that function.  In fact the tracking device operated whether there was consent or not.  Worse, the tracking device operated when there was a specific denial of Read the rest of this entry »

Federal Trade Commission takes issue with misleading claims about encryption protection in software

January 7, 2016

Never let it be said that the Federal Trade Commission (“FTC”) doesn’t have a sense of humour.  When it took issue with a Henry Shein Practice Solutions Inc’s claim that its software encrypted dental patients’ data its press release was FTC takes on toothless encryption claims for dental practice software.  Nice.

What is more of a worry is Read the rest of this entry »

Federal Trade Commission settles with Wyndham Worldwide over security breaches

December 10, 2015

I posted August 2015 (found here) on the significant win by the Federal Trade Commission (“FTC”) in the Court of Appeal on its powers to enforce data security in Federal Trade Commission v Wyndham Worldwide Corporation & ors.  The result was a milestone Read the rest of this entry »