On November 9, 2020, the United States Federal Trade Commission (FTC) announced that it had entered into a consent agreement, subject to final approval, with videoconferencing company Zoom Video Communications, Inc. (Zoom). The consent agreement settles allegations that Zoom engaged in a series of deceptive and unfair practices that undermined the security of its users. The Commission voted 3–2 to accept the settlement, with Commissioners Chopra and Slaughter voting no and issuing dissenting statements asserting that the FTC’s action did not go far enough.
While the FTC generally does not identify what triggers a law enforcement action, there have been many news articles and a number of class actions filed in connection with Zoom’s data-security practices over the past six months that likely led to this action.
Continue reading “FTC Settlement with Zoom Concerning Alleged Data-Security Lapses”
Despite the business disruptions brought on by the novel coronavirus, enforcement of the California Consumer Privacy Act (CCPA) is still set to begin on July 1. With that key date just around the corner and companies facing a new slate of COVID-19-related privacy issues, we cover the high-level action items California businesses should address to help get their compliance programs up to speed.
For the full alert, visit the Faegre Drinker website.
On December 26, 2019, the U.S. State Department’s Directorate of Defense Trade Controls announced it is amending the International Traffic in Arms Regulations (ITAR) to streamline requirements for the secure storage and transfer of defense technical data. This rule change has important implications for IT service providers and companies that may wish to use cloud-based systems and services for the transfer, processing, and storage of ITAR technical data.
Read the full alert to learn about the new regulations and their potential benefits to U.S. companies and their overseas partners.
The Federal Trade Commission’s Opinion finding that Cambridge Analytica engaged in deceptive practices to harvest personal information closes another chapter in the Commission’s actions against Cambridge Analytica and its former chief executive and app developer. The opinion is noteworthy for two reasons. First, the procedural posture of this matter is unique because Cambridge Analytica failed to appear or to answer the complaint. This allowed the Commission under its Rules of Practice to find the facts to be as alleged in the complaint and to enter a final decision. Second, the Commission’s opinion holds that a false express privacy claim is material and thus violates Section 5 of the FTC Act.
Continue reading “FTC Opinion Holds False Express Privacy Claims are Material”
Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.
Continue reading “Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report”
The Office of Management and Budget (OMB) has issued a recent memorandum that moves the federal government forward in embracing the importance of the “governance” of data.
Continue reading “An Update on Federal Policy Regarding Chief Data Officers and Data Governance: New OMB Memo”