On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) filed the first consent order (Order) addressing data privacy since the CFPB’s inception in 2010. The Order serves as a warning to all companies that collect, store and use sensitive customer information that misrepresentation of security practices, as well as noncompliant data protection procedures, will

In late 2015, Congress passed the Fixing America’s Surface Transportation Act, a vehicle for an amendment to the Gramm-Leach-Bliley Act (GLBA) meant to eliminate the need for certain companies to provide annual privacy disclosures to consumers.

The amendment, which took effect immediately, eliminates the annual notice requirement for financial institutions that:

  1. do not share

On December 17, 2015, the Federal Trade Commission (FTC) announced a $100 million settlement with LifeLock, Inc., to resolve litigation with the FTC and a national class of consumers relating to LifeLock’s marketing representations and information security programs.  The settlement stems from allegations that LifeLock violated an earlier 2010 settlement agreement with the FTC.  Once

Last week, the FTC launched a new resource, www.identitytheft.gov, designed to help victims report and recover from identity theft. It provides basic steps that all identity theft victims should take and offers interactive checklists that can be used online or printed. The user-friendly site also includes sample letters to notify credit bureaus, dispute credit

The Federal Trade Commission (FTC) recently announced formation of its Office of Technology Research and Investigation (OTRI), an office meant to “ensure that consumers enjoy the benefits of technological progress without being placed at risk of deceptive and unfair practices.” The office is meant to expand the scope of work previously conducted by the FTC’s

Last week, President Obama proposed wide-reaching legislation to establish a uniform, nationwide standard for data breach notifications that envisions a significant enforcement role for the Consumer Financial Protection Bureau (CFPB). The proposal, titled the Personal Data Notification and Protection Act, can be found here. In terms of the types of covered data, the White

The FTC’s recent settlement with a medical online payments company and its former CEO highlights the importance of using clear and non-deceptive notices when asking consumers to share or provide sensitive personal health information.

The FTC alleged that Atlanta-based PaymentsMD, LLC used deceptive methods to obtain permission from consumers to collect highly sensitive personal health

The FTC is continuing its trend of enforcement actions against mobile application companies. Most recently, the FTC settled with Snapchat—yet another mobile application provider that allegedly failed to keep its word to consumers regarding data privacy and security. (Previously we discussed the FTC’s similar enforcement actions against Fandango and Credit Karma for broken promises about

February 4, 2014

Perhaps signaling increased scrutiny of Safe Harbor Framework certification, the Federal Trade Commission (FTC) announced recently that it settled 12 enforcement actions where companies had allegedly falsely asserted compliance with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks. The defendant-companies had claimed compliance with the relevant frameworks even though they had let their