Privacy & Information Security Law Blog

On December 21, 2015, the Federal Trade Commission announced software company Oracle Corporation (“Oracle”) has agreed to settle FTC charges that accused the company of misrepresenting the security of its software updates. The proposed Agreement Containing Consent Order (“Consent Order”) stems from an FTC complaint that alleged the company had deceived consumers about the security provided by updates to the Java Platform, Standard Edition software (“Java SE”).

On June 30, 2015, the Federal Trade Commission announced its new “Start With Security” business education initiative, which will provide businesses with information on data security and how to protect consumer information.

On November 16, 2015, the Federal Trade Commission will host a workshop in Washington, D.C., to examine the benefits and privacy risks associated with “cross-device tracking.” The workshop intends to highlight the types of cross-device tracking techniques and how businesses and consumers can benefit from these practices. The workshop also will address related privacy and security risks, and discuss whether self-regulatory programs apply to these practices.

On June 4, 2014, the U.S. Government Accountability Office (“GAO”) testified before the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law on GAO’s findings regarding (1) companies’ use and sharing of consumer location data, (2) privacy risks associated with the collection of location data, and (3) actions taken by certain companies and federal agencies to protect the privacy of location data. GAO’s testimony relates to its 2012 and 2013 reports that examined the collection of location data by certain mobile industry companies and in-car navigation providers.

On May 23, 2014, the Federal Trade Commission announced that the FTC’s Bureau of Consumer Protection sent a letter to the court overseeing the bankruptcy proceedings for ConnectEDU Inc. (“ConnectEDU”), an education technology company, warning that the proposed sale of the company’s assets raises privacy concerns. ConnectEDU’s assets include personal information collected from students, high schools and community colleges in connection with the company’s website and affiliated services.

On April 10, 2014, the Federal Trade Commission announced that the Director of the FTC’s Bureau of Consumer Protection had notified Facebook and WhatsApp Inc., reminding both companies of their obligation to honor privacy statements made to consumers in connection with Facebook’s proposed acquisition of WhatsApp.

On January 16, 2014, the Federal Trade Commission announced a settlement with TeleCheck Services, Inc., and its affiliated debt-collection entity, TRS Recovery Services, Inc. (collectively, “TeleCheck”). The settlement stems from allegations that TeleCheck violated various provisions of the Fair Credit Reporting Act (“FCRA”). According to the press release, the settlement is “part of a broader initiative to target the practices of data brokers, which often compile, maintain, and sell sensitive consumer information” and is similar to an FTC settlement with a different company in August 2013.

On November 19, 2013, the Federal Trade Commission held a workshop in Washington, D.C. to discuss The Internet of Things: Privacy & Security in a Connected World. FTC Chair Edith Ramirez and FTC Senior Attorney Karen Jagielski provided the opening remarks. Chairwoman Ramirez raised three key issues for workshop participants to consider:

On August 29, 2013, the FTC announced that it had filed a complaint against LabMD, Inc. (“LabMD”) for failing to protect consumers’ personal data. According to the complaint, LabMD, which performs various laboratory tests for consumers, exposed the personal information of more than 9,000 consumers on a peer-to-peer (“P2P”) file-sharing network. Specifically, a LabMD spreadsheet that was found on the P2P network contained names, Social Security numbers, dates of birth, health insurance information and medical treatment codes. In another instance, identity thieves were able to obtain LabMD documents that contained the personal information of more than 500 consumers, including names, Social Security numbers and bank account information.

On June 17, 2013, the Federal Trade Commission announced that FTC Chair Edith Ramirez has appointed Jessica Rich as Director of the Bureau of Consumer Protection. Rich has served in several leadership roles in the FTC’s Bureau of Consumer Protection during her 20-year tenure with the agency. Most recently, she served as Associate Director of the Division of Financial Practices.

The Federal Trade Commission’s second “Exploring Privacy” roundtable concluded Thursday, January 28, 2010.  The roundtable did not provide many firm conclusions, but it did help further refine some hard issues facing privacy protection.

Although Thursday’s hearing was intended to be devoted to technology issues, the role of regulation appeared to dominate the discussions.  “Everyone is dying to talk about regulation,” said Jessica Rich, Deputy Director of the Bureau of Consumer Protection, moderating a panel on Technology and Policy.

Senior staff changes at the Federal Trade Commission have enhanced privacy’s profile within the agency.  Jessica Rich is the new Deputy Director of Consumer Protection.  Ms. Rich has been the Acting Associate Director responsible for the Division of Privacy and Identity Protection following nearly a decade as Assistant Director for the Division.  Rich has long been seen as the FTC’s staff’s privacy thought leader.  The new Privacy Division Associate Director is Maneesha Mithal.  Ms. Mithal brings a strong international background to the position.  The new Assistant Director is ...