Peter A Clarke

While those in the privacy sphere in Australia watch and wait to see how the Privacy Commissioner will excercise his newly acquired (since 12 March 2014) powers of enforcement under the Privacy Act 1988 the Federal Trade Commission (“FTC”) moves apace in taking to task those engaging in privacy intrusive conduct (via claims that the miscreants misrepresented that they protected their customers privacy).  After announcing orders against Credit Karma and Fandango earlier this week (and posted here) the FTC approves final orders against GMR Transcription Services whose security practices were so deficicent as to expose personal information of thousands of consumers on line, some of which were medical histories adn examination notes.  The settlement was first announced on 31 January 2014.   The period of the settlement order is 20 years.  Onerous by any measure but given the nature of the breach reasonable, particularly as the FTC has no power to fine GMR.  In the UK the Information Commissioner may have been able to impose a monetary penalty. In the last 3 – 4 years the FTC has proven to be quite a vigorous regulator using the limited powers available to it in privacy regulation.  It has also been active in calling for greater privacy controls through appearances before Congressional Committees.

In Australia the Privacy Commissioner may Read the rest of this entry »

The US Federal Trade Commission has been raising concerns for some time regarding privacy weaknesses in mobile apps,including taking actions against some app developers.  Mobile shopping apps are popular and almost ubiquitous.  But, as in the FTC reports in What’s the Deal there are real problems with notices to consumers about data collection and use and data security practices.

Regarding collection of consumer data the FTC found Read the rest of this entry »

In the United States privacy regulation at a Federal level is sectoral.  There are some strong protections but a lack of general coverage.  The key regulator, the Federal Trade Commission (FTC) wants more powers and broader coverage.  At the moment it has power to take action over unfair and deceptive practices and has powers to enforce the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act.  Its enforcement activities and educational activities even with restrictions are quite impressive.  Certainly something for other privacy regulators to heed.  It has also been a regulator not afraid to take on and best large organisations .

In Federal Trade Commission 2014 Privacy and Data Security Update the FTC provides an update of its activities.  Its settlements and the undertakings it has extracted from organisations are hugely influential for privacy practitioners in the United States.  Given the issues Read the rest of this entry »

The US Federal Trade Commission (the “FTC”) has given evidence to the Senate’s subcommittee for privacy, technology and the law of the Committee on the Judiciary on geolocation privacy on 4 June 2014. It is a very interesting statement which effectively describes the privacy implications of the use of geolocation apps and software.  The lack of transparency in the marketing and delivery of those apps and software is a significant concern.  As the FTC makes clear the data that can be collected is often sensitive.  It can also be an effective tracking, if not stalking device.  The management, use and disclosure of that data can have significant consequences for individuals.  Apart from the obvious breach of privacy the data can be used for predictive analytics.

The FTC media statement provides:

The Federal Trade Commission testified before Congress on the Commission’s efforts to address the privacy concerns raised by the tracking of information about consumers’ location, as well as proposed legislation to protect the privacy of geolocation data.

Delivering testimony before the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law, Jessica Rich, Director of the FTC Bureau of Consumer Protection, outlined the FTC’s ongoing efforts to protect the privacy of consumers’ geolocation information through enforcement, policymaking, and consumer and business education.

Precise geolocation data is sensitive personal information increasingly used in consumer Read the rest of this entry »

The Federal Trade Commission (the “FTC”) is the primary Federal agency regulating privacy and dealing with breaches. It is a misnomer to say that there is no privacy protection in the USA. It is however regulated more sectorely and privacy is weighed against other rights and interests.  The distinction between the USA’s approach to privacy protection, in particular of personal information, and that of the European Union is set out in Reconciling Personal Information in the United States and European Union by Daniel Solove, a privacy expert in academe and Paul Shwartz.  The Australian regulation of privacy is more consistent with the European Model and legislation however the Privacy Act 1988 has significant weaknesses and as such the extent of privacy protection is less effective than in EU countries.

Yesterday the FTC released a groundbreaking report DATA BROKERS A Call for Transparency and Accountability regarding the operations of and, more importantly, problems with data brokers.  It exposes significant problems with transparency and fairness in the way many businesses collect, use and disclose personal information.

The press release neatly summarises the issues and the need for Federal Legislation to properly regulate the industry.  It provides:

In a report issued today on the data broker industry, the Federal Trade Commission finds that data brokers operate with a fundamental lack of transparency. The Commission recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them collected and shared by data brokers.

The report, “Data Brokers: A Call for Transparency and Accountability” is the result of a study of nine data brokers, representing a cross-section of the industry, undertaken by the FTC to shed light on the data broker industry. Data brokers obtain and share vast amounts of consumer information, typically behind the scenes, without consumer knowledge. Data brokers sell this information for marketing campaigns and fraud prevention, among other purposes. Although consumers benefit from data broker practices which, for example, help enable consumers to find and enjoy the products and services they prefer, data broker practices also raise privacy concerns.

“The extent of consumer profiling today means that data brokers often know as much – or even more – about Read the rest of this entry »

Yesterday the Federal Trade Commission (the FTC) testified to the US Senate Committe on Commerce, Science and Transportation regarding cyber security and data breaches.  It is a very useful oversight of what the FTC does, how it approaches regulation and what results it has achieved.

The FTC called for more comprehensive data protection regulation and mandatory data breach notification laws at a Federal level.  Most states in the USA have some form of data breach notification legislation. Australia has no such requirement at either State or Federal level.

The FTC’s statement is found here and it provides, absent footnotes:

The US Federal Trade Commission and the UK Information Commissioner’s Office have signed a memorandum of understanding to promote increased co operation as part of increasing consumer privacy.

The media release (with pictures found here) provides (absent photographs):