The U.S. Circuit Court of Appeals for the 11th Circuit vacated the LabMD Federal Trade Commission order but did not challenge the Commission’s ability to use its unfairness authority to challenge inadequate data security practices in a closely watched case that tested the commission’s enforcement powers.
Continue reading “Eleventh Circuit Vacates FTC LabMD Order but Does Not Challenge FTC Authority”
A vast majority of companies report feeling vulnerable to data breaches and security threats, according to a recent report published by a data security provider and information technology advisory company. It is predicted that companies are planning on spending more than ever before to protect themselves in 2018.
The report, published by Thales eSecurity and 451 Research, summarizes the surveyed responses of more than 1,200 senior security executives employed in the U.S., U.K., Germany, Japan, Sweden, the Netherlands, Korea, and India. Of these respondents, more than one-third had major influence on security-decision making, and nearly half had sole-decision making authority.
Continue reading “Data Security Concerns Continue in 2018 – Survey Provides New Insight”
The Federal Trade Commission’s (FTC) Bureaus of Consumer Protection and Economics will host a workshop to examine consumer injury in the context of privacy and data security on Dec. 12, 2017. Consumer injury is often difficult to quantify generally and especially challenging when there are allegations of a privacy or data security breach or other types of unauthorized access to personal information. The FTC’s workshop will explore how to measure accurately such injuries; what frameworks might be used to assess different injuries as well as how consumers and businesses evaluate the benefits and costs associated with providing, collecting and using personal information.
Continue reading “Mark your calendars! FTC Workshop on Information Injury set for December”
The Federal Trade Commission (“FTC”) announced, subject final approval after a 30-day comment period, a consent order with Uber Technologies (“Uber”) settling allegations that Uber misrepresented the extent to which it monitored its employees’ access to personal information about users and drivers and that it took reasonable steps to secure such information. The consent agreement does not contain monetary penalties, but does prohibit Uber from misrepresenting its privacy and security practices and requires that Uber establish a comprehensive privacy program that includes an independent third-party audit every two years for the next 20 years. The FTC’s complaint highlights practices that the FTC finds fail to provide reasonable security when utilizing the services of a third-party could storage service, Amazon Web Services (“AWS”).
Continue reading ““Do What You Say and Say What You Do” — The FTC’s Settlement with Uber”
