Part III: Has Congress Spoken and Does It Really Matter? The Wyndham Worldwide Case and the Expanding Power of the FTC to Police Data Security
Be sure to check out our new advisory examining the joint policy statement that the Federal Trade Commission and Department of Justice issued to facilitate companies’ sharing of cybersecurity information. The policy statement seeks to reduce uncertainty under antitrust laws for companies wishing to share strategies for preventing and combating cyber-attacks, by stating the agencies’ analytical framework for such information sharing under their longstanding Antitrust Guidelines for Collaborations Among Competitors. As explained in the advisory, the new policy statement should be helpful as far as it goes, but companies should still proceed cautiously so as not to stray into the area of prohibited concerted activity, and should keep in mind that the new statement does not reduce potential liability under electronic privacy laws for the disclosure of communications or personal information related to cyber threats. You can read the advisory here.
Part II: Fair Notice or No Notice? The Wyndham Worldwide Case and the Expanding Power of the FTC to Police Data Security
By Adam H. Greene
The new audits will look little like the old ones, with OCR conducting the audits itself and focusing on more high-risk areas, abandoning on-site visits, and potentially integrating audits into OCR's formal enforcement program. To prepare, we suggest that covered entities and business associates consider the following steps:
Part I: The Elephant Emerges From the Mousehole: The Wyndham Worldwide Case and the Expanding Power of the FTC to Police Data Security
In support of its motion to dismiss the FTC’s complaint alleging data security deficiencies in violation of Section 5 of the FTC Act, Wyndham Worldwide Corporation cited the Supreme Court’s opinion in Whitman v. American Trucking Ass’ns, which cautioned against agencies utilizing vague statutory provisions to alter “fundamental details of a regulatory scheme”, and colorfully stating that “[Congress] does not, one might say, hide elephants in mouseholes.” See 531 U.S. 457, 468 (2001).
Eleventh Circuit Adopts Seventh Circuit Jurisprudence Imposing Strict TCPA Liability on Autodialed and Prerecorded Calls and Texts
The United States Court of Appeals for the Eleventh Circuit issued a decision in Osorio v. State Farm Bank aligning that court with the Seventh Circuit on how Telephone Consumer Protection Act (TCPA) restrictions on automated and/or prerecorded calls and texts to cell phones can effectively impose strict liability, even if a calling party believed it had consent for the calls.
As reported in Spring 2012, the Seventh Circuit case of Soppet v. Enhanced Recovery held that, where a company gets prior express consent to prerecorded-call and/or to auto-dial or auto-text a cell phone, as the TCPA requires, the caller can still be liable, if at the time the call is made the cell number has been reassigned to a new subscriber who did not consent. This ups the ante considerably for companies who use automated dialing systems to reach customers, as does the new Eleventh Circuit Osorio decision, which holds, relying on Soppet, that “the consent must come from the current subscriber.” Osorio is as concerning as Soppet given that TCPA limits on calls to cells encompass autodialed live-agent calls, prerecorded calls, and texts via autodialer, all without regard to the content of a call – i.e., whether it is marketing, or only for customer-care, debt-collection, or other informational purposes.Continue Reading...
Be sure to check out our recent advisory discussing two new Federal Communications Commission (FCC) declaratory rulings that involve communicating with cell phones via autodialed calls and texts, and by prerecorded call. The rulings respectively allow the consent necessary for such calls to come from intermediaries for text-based social networks, and for package-delivery services to rely on assurances by package sender that addressees consent to autodialed/prerecorded calls/texts with delivery information. Along the way, the FCC makes several broad and business-friendly statements that should help clarify current uncertainty surrounding the TCPA, and hopefully serve as a defense for some in what has become a booming TCPA class action practice. You can access the advisory here.
But One Vote is Not Enough for Action, Nor Does Action Assure a Favorable Outcome
FCC Commissioner Michael O’Rielly recently blogged that “It is Time to Provide Clarity” on issues swirling around application of the Telephone Consumer Protection Act (TCPA). To this we say, “Hear, Hear!”Continue Reading...