Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Federal Trade Commission takes action against data broking

December 2, 2016

The purchase of data in the United States is longstanding and has given rise to a data broking industry.  Under the Privacy Act such Read the rest of this entry »

The US Federal Trade Commission takes action against ASUS regarding misleading statements about data security

August 3, 2016

The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security.  The terms of the settlement are onerous.  As they should be.  It would be Read the rest of this entry »

InMobi agrees to pay $950,000 for tracking millions of consumer locations without permission

June 24, 2016

The Federal Trade Commission (“FTC”) brought a complaint against InMobi for tracking hundreds of millions of its consumers locations without permission. InMobi represented that it would only track consumers’ locations when they opted in for that function.  In fact the tracking device operated whether there was consent or not.  Worse, the tracking device operated when there was a specific denial of Read the rest of this entry »

Federal Trade Commission takes issue with misleading claims about encryption protection in software

January 7, 2016

Never let it be said that the Federal Trade Commission (“FTC”) doesn’t have a sense of humour.  When it took issue with a Henry Shein Practice Solutions Inc’s claim that its software encrypted dental patients’ data its press release was FTC takes on toothless encryption claims for dental practice software.  Nice.

What is more of a worry is Read the rest of this entry »

Federal Trade Commission settles with Wyndham Worldwide over security breaches

December 10, 2015

I posted August 2015 (found here) on the significant win by the Federal Trade Commission (“FTC”) in the Court of Appeal on its powers to enforce data security in Federal Trade Commission v Wyndham Worldwide Corporation & ors.  The result was a milestone Read the rest of this entry »

Federal Trade Commission v Wyndom; the FTC has significant win in the US Court of Appeal regarding privacy regulation

August 27, 2015

When, or even if, the Privacy Commissioner exercises his powers under the Privacy Act in relation to poor privacy policies and standards it could do worse than consider some of the US Federal Trade Commission (the “FTC”) litigation as well as ACCC cases. That would require the Privacy Commissioner to do that which he has steadfastly refused or failed to do to date.

The FTC has had a very significant win in the US Court of Appeals for the Third Circuit in Federal Trade Commission v Wyndom Worldwide Corporation & ors.  The Court of Appeal has Read the rest of this entry »

Federal Trade Commission finalises order against GMR Transcription Services for weak privacy protections

August 22, 2014

While those in the privacy sphere in Australia watch and wait to see how the Privacy Commissioner will excercise his newly acquired (since 12 March 2014) powers of enforcement under the Privacy Act 1988 the Federal Trade Commission (“FTC”) moves apace in taking to task those engaging in privacy intrusive conduct (via claims that the miscreants misrepresented that they protected their customers privacy).  After announcing orders against Credit Karma and Fandango earlier this week (and posted here) the FTC approves final orders against GMR Transcription Services whose security practices were so deficicent as to expose personal information of thousands of consumers on line, some of which were medical histories adn examination notes.  The settlement was first announced on 31 January 2014.   The period of the settlement order is 20 years.  Onerous by any measure but given the nature of the breach reasonable, particularly as the FTC has no power to fine GMR.  In the UK the Information Commissioner may have been able to impose a monetary penalty. In the last 3 – 4 years the FTC has proven to be quite a vigorous regulator using the limited powers available to it in privacy regulation.  It has also been active in calling for greater privacy controls through appearances before Congressional Committees.

In Australia the Privacy Commissioner may Read the rest of this entry »

Federal Trade Commission releases staff report highlighting problems with mobile shipping apps

August 11, 2014

The US Federal Trade Commission has been raising concerns for some time regarding privacy weaknesses in mobile apps,including taking actions against some app developers.  Mobile shopping apps are popular and almost ubiquitous.  But, as in the FTC reports in What’s the Deal there are real problems with notices to consumers about data collection and use and data security practices.

Regarding collection of consumer data the FTC found Read the rest of this entry »

Federal Trade Commission 2014 Privacy and Data Security update

July 6, 2014

In the United States privacy regulation at a Federal level is sectoral.  There are some strong protections but a lack of general coverage.  The key regulator, the Federal Trade Commission (FTC) wants more powers and broader coverage.  At the moment it has power to take action over unfair and deceptive practices and has powers to enforce the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act.  Its enforcement activities and educational activities even with restrictions are quite impressive.  Certainly something for other privacy regulators to heed.  It has also been a regulator not afraid to take on and best large organisations .

In Federal Trade Commission 2014 Privacy and Data Security Update the FTC provides an update of its activities.  Its settlements and the undertakings it has extracted from organisations are hugely influential for privacy practitioners in the United States.  Given the issues Read the rest of this entry »