Patch your software. Segment your network. Monitor for intruders. According to tech experts, those are security basics for businesses of any size. But when you’re industry giant Equifax – a company in possession of staggering amounts of highly confidential information about more than 200 million Americans – it’s almost unthinkable not to implement those fundamental protections.
Blog Posts Tagged with Gramm-Leach-Bliley Act
The domino principle. The ripple effect. The butterfly phenomenon. Apply the analogy of your choice to describe what happens when one software developer’s allegedly lax security practices result in the breach of confidential customer information maintained by multiple businesses that use the software.
Looking to take a deep dive into the breadth and depth of the FTC’s approach to consumer privacy and data security in the past year? The FTC’s website, including the Business Center, has what you need. But what if you or your clients prefer an at-your-fingertips digest of developments in 2018? We’re got that covered, too.
It’s a given that companies shouldn’t charge consumers hidden fees. But it raises a particular concern when an online lender makes “No Hidden Fees” claims a centerpiece of its marketing – and then deducts from those loans hundreds or even thousands of dollars in hidden up-front fees.
Advances in payment methods could end those open-wallet debates about who owes what for the pizza. But as innovative technologies change how people pay for things, established consumer protection principles apply. An FTC complaint against peer-to-peer payment service Venmo – now operated by PayPal – alleges that the company failed to disclose material information about the availability of consumers’ funds.
One Direction had a hit with a song called “18,” but the FTC’s recent law enforcement and policy initiatives suggest that the agency will continue to pursue many directions in its efforts to protect consumers in ‘18. (Sorry. We’re expecting a fresh shipment of pop culture references in January.) In case you missed them – and in no particular order – here are ten FTC consumer protection topics of note from 2017.
If you or your clients are in the tax preparation field, there are three letters you should focus on. OK, I-R-S may be the first thing on your mind. But as the FTC’s proposed settlement with TaxSlayer suggests, don’t forget those other important letters: G-L-B.
There are three letters every auto dealer should know about. GTO? XKE? Good guesses, but not what we had in mind.
We’re talking about GLB.
The Gramm-Leach-Bliley Act requires financial institutions to give their customers initial and annual notices about their privacy policies. If the company shares certain customer information with particular types of third parties, they also have to give customers the opportunity to opt out of sharing. The FTC’s Privacy of Consumer Financial Information Rule – friends call it the GLB Privacy Rule – explains the specifics.
Maybe it’s a suspicious tax document flagged by your HR staff or a customer concern about an unauthorized charge. Identity theft can reveal itself in many ways. Regardless of the tip-off, there’s a new one-stop federal resource – IdentityTheft.gov – to help people report and recover from ID theft.
53 and it’s likely to go up. That’s the number of data security law enforcement actions the FTC has settled so far. The facts of each case are different, but distilled down to the basics, they stand for one central proposition: Your company’s data security measures should be reasonable and appropriate in light of the sensitivity and amount of consumer information you have, the size and complexity of your business, and the availability and cost of tools to improve security and reduce vulnerabilities.
Ahab hunts big fish.
Captain and whaling boat sink.
Sometimes you want to read all 209,117 words of Moby Dick. Other times a haiku will do. Sometimes you want an in-depth analysis of the FTC’s enforcement, rulemaking, research, education, and international efforts related to privacy and data security. Other times a summary will suffice.
Some things you’d expect to find in a trash can: last night’s potato peelings, the casserole that looked so promising in the cookbook photo, and Oscar the Grouch. But if you run a business, the one thing you don’t want in the dumpster behind your office is paperwork containing sensitive information about your customers. Just ask PLS Financial Services, PLS Group, and the Payday Loan Store of Illinois.
In Short: Advertising and Privacy Disclosures in a Digital World — an FTC workshop to discuss guidance on disclosures in the online and mobile world — is set for May 30, 2012. This is the latest development in the ongoing conversation about revising the FTC’s 2000 guidance publication, Dot Com Disclosures.
If you haven’t already, hover up to your toolbar and bookmark the FTC’s Regulatory Review page. It’s your one-stop resource for what's coming up and what’s going down with Commission rules and guides of interest to your business and your clients. Recent announcements about the FTC's regulatory review schedule make it a must-read.
When the FTC conducts an investigation to see if a company has violated the law, it’s important that the process is efficient and not unduly burdensome on those involved. The FTC’s Rules of Practice lay out the procedures the Commission follows.
Is your briefcase feeling lighter? That’s because your dog-eared copy of Volume 16 of the Code of Federal Regulations (where most FTC rules and guides live) is decidedly thinner these days. For the past two decades, the agency has undertaken a systematic review of its rules and guides to make sure they’re up to date, effective, and not overly burdensome. As each rule comes up for review, we ask ourselves — and you — four questions:
With a corporate name like Lookout, it pays to — well — look out. Unfortunately, according to the FTC’s complaint against Lookout Services, Inc., the company’s questionable security practices left the door open for an employee of one of Lookout’s customers to access sensitive information, including Social Security numbers, of thousands of people.
Consumers have found their voice. And last year they raised it more than 1.3 million times to complain about identity theft, fraud, and products that didn’t live up to the advertising hype.
Break out the bubbly and raise a toast: It's National Consumer Protection Week. NCPW is an annual campaign sponsored by the FTC and nearly 30 other federal agencies, consumer groups, and advocacy organizations, in conjunction with state, county, and local government offices that are sponsoring events nationwide. The goal? To encourage consumers to take full advantage of their rights and make better-informed decisions.
Of course, no legitimate business would put out a welcome mat for crooks. But as the FTC’s data security cases make clear, that’s the effect when companies fail to take reasonable steps to secure sensitive information in their possession — or data they allow others to access. Three recent settlements with companies that resell credit reports illustrate that point.