Privacy Law Blog

Tag Archives: FTC

We Were Wrong About the Third Time Being A Charm: FTC Delays Enforcement of Red Flags Rule Yet Again

Today, at the urging of Members of Congress, the Federal Trade Commission (“FTC”) announced that it will delay enforcement of its Red Flags Rule for the fourth time. Financial institutions and creditors subject to enforcement by the FTC will now have until June 1, 2010 to develop written policies and procedures to detect and respond … Continue Reading

COPPA Enforcement Action

Earlier today, the FTC announced its latest COPPA enforcement action (http://www.ftc.gov/opa/2009/10/iconix.shtm).  Iconix Brand Group, Inc., the operator of websites featuring its apparel brands, was fined $250,000 for collecting personal information from children without complying with COPPA’s parental consent rubric. The FTC cited the websites associated with the brands Mudd, Candie’s, Bongo and OP, which are … Continue Reading

FTC Continues Safe Harbor Enforcement Streak With Six New Proposed Settlements

On October 6, 2009, in one fell swoop, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. Specifically, these companies (World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC) were alleged to have continued … Continue Reading

Third Time’s A Charm: FTC Delays Enforcement Of The Red Flags Rule Again

The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in … Continue Reading

Doesn’t Alice Live Here Anymore? FACTA and the Address Discrepancy Rule

Section 315 of FACTA requires institutions that utilize consumer reports (“users”) to develop and follow certain procedures when notified of an address discrepancy  by a national CRA (Equifax, Experian and TransUnion). Under FACTA, national CRAs are required to issue a “notice of address discrepancy” when an address provided by a user requesting a consumer report “substantially … Continue Reading

EPIC Petitions for a Closer Look at the Cloud – Privacy Group Asks the FTC to Investigate Google Cloud Computing for Inadequate Safeguards and Unfair and Deceptive Trade Practices

The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.… Continue Reading

FTC Provides Last Clear Chance for Industry to Self-Police in a Target-Rich Environment

On February 12, 2009, the FTC issued its long-anticipated Staff Report on Self-Regulatory Principles for Online Behavioral Advertising. The revised Self-Regulatory Principles are the result of a year of study of the more than 60 comments provided by industry, advocacy organizations, academics, and individual consumers in response to the FTC's proposed self-regulatory principles issued in late 2007. … Continue Reading

Consumer Advocacy Groups Request Federal Trade Commission Action To Stop Perceived “Threat” From Mobile Marketing

In a year when behavioral advertising was already expected to be at the top of the hot button privacy issues list, on January 13, 2008, the Center for Digital Democracy (“CDT”) and U.S. Public Interest Research Group (“US PIRG”) filed a document with the Federal Trade Commission (“FTC”) urging the FTC to investigate online mobile … Continue Reading

Federal Court Enjoins Sale of Keylogger Program

A U.S. District Court for the Middle District of Florida recently issued a preliminary injunction ordering CyberSpy Software, LLC to stop promoting and selling “RemoteSpy,” a keylogger software program that, once installed on a computer, collects information regarding use of the computer.… Continue Reading

FTC Suspends Enforcement of Red Flag Rules For Six Months

The Federal Trade Commission (“FTC”) recently announced that it will not enforce the new Red Flag Rules until May 1, 2009, giving financial institutions and creditors an additional six months to comply by developing and implementing a written identity theft prevention program.  In an Enforcement Policy Statement released on October 22, 2008, the FTC acknowledged … Continue Reading

Telemarketers Beware: New FTC Restrictions on Prerecorded Calls Take Effect Soon

Effective September 1, 2009, companies subject to FTC jurisdiction will not be able to make interstate prerecorded telemarketing calls to EBR consumers absent the prior express written agreement of the consumer. Effective December 1, 2008, any company that continues to make such calls must comply with new restrictions that will continue even after September 1, 2009 when prior express written consent of the consumer is mandatory. … Continue Reading

FTC Sets Sights on Goal: Student Lender Taken to School for Data Security Breakdowns

On March 4 the FTC announced that a consent agreement has been reached in its 17th case challenging data security practices by a company handling sensitive consumer information. Goal Financial, LLC, a San Diego-based student loan company, has agreed to implement a comprehensive information security program, avoid future misrepresentations about its data security practices, and receive independent, third-party audits of its data security program every two years for the next 10 years. The consent order does not provide for a civil fine. … Continue Reading

For Companies Whose Data Security Practices Are Lacking, Life is [Not So] Good

The Federal Trade Commission announced on January 17, 2008 that it has agreed in principle to a consent order with Life is good, Inc. and Life is good Retail, Inc. (collectively "Life is good") resolving allegations that the apparel company collected sensitive information from consumers and failed to secure it in compliance with its own privacy and security policies. The consent order against Life is good, among other things, prohibits future deceptive privacy and security claims and requires the company to implement a comprehensive information security program that includes biennial audits by an independent security professional for the next twenty years. … Continue Reading

First FACTA Disposal Rule FTC Settlement Leaves American United Down in the Dumps

On December 18, the FTC announced a settlement in its 15th case (and its first in 13 months) addressing the data security practices of companies handling sensitive consumer information. American United Mortgage Company agreed to pay a $50,000 penalty for failing to implement reasonable safeguards to protect customer information and failing to provide customers with privacy notices. … Continue Reading

FTC Staff Issues Proposed Self Regulatory Principles for Behavioral Advertising and Seeks Comment

FTC staff issued a statement today proposing four “self-regulatory” principles to guide businesses engaged in online behavioral advertising. FTC staff also seeks public comments on these principles as well as additional information on what other uses businesses are making of online tracking data. Interested parties can submit comments by February 22, 2008. The statement, titled “Online Behavioral … Continue Reading
LexBlog