Financial institutions collect personal information from customers every day, from names and addresses to bank account and Social Security numbers. The Gramm-Leach-Bliley Act’s Safeguards Rule requires those institutions to develop, implement, and maintain a comprehensive information security program. As part of its regulatory review process, the FTC has proposed changes to the Rule.
Blog Posts Tagged with Privacy and Security + Consumer Privacy + Data Security + Identity Theft
The FTC’s administrative litigation against NTT Global Data Centers Americas, Inc., just ended with a proposed settlement – and an important compliance message for companies that claim participation in the EU-U.S. Privacy Shield framework.
During this pandemic, preserving public health has, rightly, been our nation’s top concern. But a lively debate has arisen during this time about whether that top priority necessarily means that other values – such as privacy – need to give way. If tracking people’s location will facilitate contact tracing and enforcement of shelter-in-place mandates, do we give governments and commercial partners carte blanche to track our whereabouts? Will enforcing longstanding privacy requirements impede the flow of life-saving public health information?
For businesses, cloud services are kind of like clouds. At their best, they can be soothing and expansive. But for companies that fail to appreciate the security implications, their ethereal presence may hide dangerous storms within. As cloud computing has become business as usual for many businesses, frequent news reports about data breaches and other missteps should make companies think carefully about how they secure their data.
An FTC complaint against Kohl’s Department Stores alleges the retailer violated the Fair Credit Reporting Act by refusing to provide victims of identity theft with complete records of questionable transactions – a right the FCRA guarantees to victimized consumers. The $220,000 settlement is a reminder to other companies to rethink their approach to that provision of the law.
A large-scale scam involving phony unemployment benefits claims has been making headlines. Criminals, possibly based overseas, are filing claims for benefits, using the names and personal information of people who have not lost their jobs. The investigation is ongoing, but this much is known: the fraud is affecting tens of thousands of people, slowing the delivery of benefits to people in real need, and costing states hundreds of millions of dollars.
Way back in Marketing 101, we learned that consumers factor a number of features into their purchase decisions: price, performance, product positioning, and personal preference, to name just a few. The FTC’s proposed settlement with game developer Miniclip serves as a reminder of another important alliterative consideration for many consumers: privacy.
Next on the FTC’s regulatory review calendar: the Health Breach Notification Rule. In place since 2009, the Rule requires vendors of personal health records and related entities that aren’t covered by HIPAA to notify individuals, the FTC, and, in some cases, the media when there has been a breach of unsecured personally identifiable health data.
As part of its regulatory review, the FTC announced earlier this year Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. If the Safeguards Rule is of interest to you or your clients, you’ll want to know about three new developments.
In these unprecedented times, the Commission is working on all fronts to stop pandemic-related scams or deception – and to warn consumers and businesses about them. But our work in other areas continues, too. Today, we’re taking a minute to take stock of some of the highlights from 2019.
Between social distancing and COVID-19 stay-at-home orders, companies are turning to video conferencing services to get down to business. While these services help you connect, they also pose new privacy and data security risks. Here are some tips to keep in mind before hosting or joining a video conference online:
“Social distancing,” “shelter-in-place,” “virtual happy hour”— these are some of the new expressions on everyone’s lips the past few weeks. For many, add “remote learning” to the list. Because of school closures, millions of students are now using online, education technology (or “ed tech”) services to engage in remote learning from home. And while this fills a vital need, it’s important to keep in mind that many of these ed tech services collect and use student’s personal information.
Headlines tout rapid improvements in artificial intelligence technology. The use of AI technology – machines and algorithms – to make predictions, recommendations, or decisions has enormous potential to improve welfare and productivity. But it also presents risks, such as the potential for unfair or discriminatory outcomes or the perpetuation of existing socioeconomic disparities. Health AI offers a prime example of this tension.
If your business makes “smart” devices, you’ll want to read about Tapplock’s settlement with the FTC. It’s one more example of why businesses in the Internet of Things (IoT) space need to think about privacy and security when designing connected products.
Consumers have come to expect their devices to be portable, but what about their data? The FTC just announced Data to Go, a public workshop set for September 22, 2020, to take a closer look at the potential benefits and challenges to consumers and competition raised by data portability.
It’s an unprecedented time. But even in the midst of monumental change, the FTC’s commitment to its consumer protection mission remains constant. Here’s a statement from Chairman Simons about the ongoing work of the Bureau of Consumer Protection:
We’ve warned consumers about Coronavirus-related scams, but businesses are at risk, too. Keep your guard up against these seven B2B scams that try to exploit companies’ concerns about COVID-19. In addition to sharing this information with your employees and social networks, read on for how you can report Coronavirus scams to the FTC.
Even as we all adjust to day-to-day changes, your work – and the work of the FTC – continues. If you’re a technologist or academic interested in presenting your latest research at the FTC’s PrivacyCon 2020, please let us know by April 10, 2020. Check out the Call for Presentations and respond by the deadline.