Peter A Clarke

In August 2017 Uber entered into a consent agreement with the US Federal Trade Commission (FTC) arising out of a data breach in May 2014 which revealed Uber’s unreasonable security practices.  I did a post on this settlement in August here. Settlements with the FTC can be onerous, unlike the limp enforceable undertakings in Australia, but better than being the subject of litigation.  Unfortunately Uber knew in 2016 that it had suffered a data breach in 2016 from lax security associated with third party cloud services, while the FTC was investigating the 2014 breach, but did not disclose it to the FTC.  In fact it deliberately covered it up and attempted to pay off the hackers (see my post in November 2017). A classic case of the cover up causing more problems than the breach for the organisation.

The FTC described it Read the rest of this entry »

The Federal Trade Commission announced a settlement between it, 32 State Attorneys General and Lenovo relating to a complaint that it harmed consumers privacy and compromised data security with preloaded man in the middle software onto some of its laptops.  The software, described as VisualDiscovery, delivered ads to the lap top owners but in doing so compromised security protections.

This is a huge settlement which deals with Read the rest of this entry »

The Federal Trade Commission (“FTC”) has entered into a agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfill its claims that it monitored employee access to consumer and driver data.

As the media release and the complaint makes clear Uber did what many organisations with a poor privacy and data security culture did, put Read the rest of this entry »

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

The purchase of data in the United States is longstanding and has given rise to a data broking industry.  Under the Privacy Act such Read the rest of this entry »

The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security.  The terms of the settlement are onerous.  As they should be.  It would be Read the rest of this entry »

The Federal Trade Commission (“FTC”) brought a complaint against InMobi for tracking hundreds of millions of its consumers locations without permission. InMobi represented that it would only track consumers’ locations when they opted in for that function.  In fact the tracking device operated whether there was consent or not.  Worse, the tracking device operated when there was a specific denial of Read the rest of this entry »

Never let it be said that the Federal Trade Commission (“FTC”) doesn’t have a sense of humour.  When it took issue with a Henry Shein Practice Solutions Inc’s claim that its software encrypted dental patients’ data its press release was FTC takes on toothless encryption claims for dental practice software.  Nice.

What is more of a worry is Read the rest of this entry »

I posted August 2015 (found here) on the significant win by the Federal Trade Commission (“FTC”) in the Court of Appeal on its powers to enforce data security in Federal Trade Commission v Wyndham Worldwide Corporation & ors.  The result was a milestone Read the rest of this entry »

When, or even if, the Privacy Commissioner exercises his powers under the Privacy Act in relation to poor privacy policies and standards it could do worse than consider some of the US Federal Trade Commission (the “FTC”) litigation as well as ACCC cases. That would require the Privacy Commissioner to do that which he has steadfastly refused or failed to do to date.

The FTC has had a very significant win in the US Court of Appeals for the Third Circuit in Federal Trade Commission v Wyndom Worldwide Corporation & ors.  The Court of Appeal has Read the rest of this entry »