The Federal Trade Commission (FTC) and U.S. Department of Education (ED) increasingly are responding to concerns about educational technology and its ability to capture and manipulate massive quantities of private student and parent data. “EdTech,” as it is called, broadly refers to online curriculum and instructional materials accessed by school and personal devices. EdTech has
FTC
FTC Monitors Claims of Privacy Shield Compliance
On September 15, 2017, the Trump White House released a Press Release regarding the EU-U.S. Privacy Shield—reiterating that they “firmly believe that the upcoming review [of the EU-U.S. Privacy Shield] will demonstrate the strength of the American promise to protect the personal data of citizens on both sides of the Atlantic.”
The first alliance of…
FTC Provides Guidance on Data Security in Its “Stick With Security” Blog
Building on the FTC’s “Start with Security” guide for businesses, the agency launched the “Stick with Security” blog on July 21, 2017. The blog provides additional guidance on each of the 10 fundamental principles of data security through hypotheticals based on FTC decisions, questions submitted, and FTC enforcement actions. Each week,…
LabMD Successfully Delays FTC’s Data Security Enforcement During Appeal
In another twist in the LabMD case, LabMD has succeeded in obtaining a delay on the FTC’s enforcement action during its appeal. Of course, the substantive issues remain to be determined.
In 2013, the Federal Trade Commission (FTC) issued an administrative complaint against LabMD for alleged “unfair” data security practices culminating in an Opinion…
A Closer Look: Practical Tips to Managing a Ransomware Attack (Part 1)
The Federal Trade Commission (FTC) is conducting a three-part fall conference workshop on select technology issues. The first conference was held on September 7th about ransomware. The second conference was held on October 13th about Drones and the last conference will be December 13th about Smart TVs. This is the first…
When Botnets Attack: How Hackers Shut Down the Internet
Beginning early on October 21, 2016, Dyn, a New Hampshire based internet service company, was the victim of three distributed denial of service (DDoS) attacks. The first attack began at 7am ET and was resolved within about two hours. A second attack began just before noon and a third attack just after 4pm ET. Described…
UPDATE: Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures
As anticipated, things are getting even more exciting with the case previously covered in Password Protected. Specifically, LabMD is appealing the landmark data security case between it and the Federal Trade Commission (“FTC”) that examines an alleged data breach, despite the absence of identifiable harm. The case is poised to become a major driver…
Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures
While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29, 2016, the FTC issued a unanimous Opinion and Final Order against LabMD, Inc., for its unreasonable data security…
The Cost of Noncompliance: LifeLock Continues to Pay
LifeLock, Inc. made headlines in December 2015 when it finalized a $100 million settlement with the Federal Trade Commission—the largest monetary award ever in an FTC order enforcement action. As reported by McGuireWoods’ Password Protected blog, the 2015 enforcement action stemmed from allegations that LifeLock breached a 2010 settlement with the FTC mandating, among other…
FTC Releases Mobile Health Apps Interactive Tool
Consider this: A 42-year-old man arrives at the emergency room showing signs of a heart attack. The ER doctors, using the patient’s activity tracker—in this case, a Fitbit® —are able to pinpoint when the patient’s normal heartrate of 70 bpm jumped up to 190 bpm. On the device’s mobile health app, the doctors are able…