Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Monthly Archives: July 2009

“Red Flag”. . . or White Flag?

Posted in Marketing and Consumer Privacy

The latest in the ongoing saga/delay with regard to the effective date for those subject to the Federal Trade Commission’s version of the Identity Theft Red Flag Rules is that the FTC has announced that the deadline by which affected businesses must comply has been extended – yet again – to November 1, 2009.  This is the third extension of the compliance deadline, for which the “mandatory compliance” date was originally November 1, 2008.  It was later extended – first to May 1, 2009, then to August 1, 2009, and now to November 1, 2009 – after confusion arose as to whom the rules applies and how to comply with them.  This raises the question, which the FTC itself has acknowledged, of whether Congress wrote the rules too broadly.

When the FTC announced the first extension, it stated it was stepping up outreach efforts to explain the rules to the various entities to which they apply.  With the second extension, the FTC released a “How-To Guide for Business” to assist those faced with complying.  Meanwhile, the FTC created a dedicated Red Flags Rule website, but rejected a request by the American Medical Association for clarification ... Continue Reading

A $6 Million Reminder That FCC Still Has Work To Do On Telemarketing And Federal Preemption

Posted in Marketing and Consumer Privacy

Last week came news that DISH Network LLC signed an Assurance of Voluntary Compliance (“AVC”) with the Attorneys General of 46 states, in which it agreed to pay nearly $6 million – plus, potentially, additional restitution – and to modify its sales practices to settle claims that it failed to follow telemarketing do-not-call laws and engaged in unfair trade practices.  The agreement, which DISH executed with regulators from every state but California, Illinois, North Carolina, and Ohio, notes that among the alleged violations were failure “to comply with federal, state and/or local laws regarding telemarketing,” but denies any wrongdoing.  The AVC also called for DISH to comply with such state laws going forward.

The extent to which Attorneys General leveraged their states’ telemarketing laws in the settlement, and to require future compliance, is a troubling reminder that it has been more than half a decade that the Federal Communications Commission (“FCC”) has sat on petitions, declaratory ruling requests, and other calls for it to follow through on its promise to preempt the application of state laws to interstate telemarketing if they differ from federal standards.  Specifically, when it joined the Federal Trade Commission to update federal telemarketing rules in 2003, ... Continue Reading

Advertising Industry Publishes Self-Regulatory Principles for Online Behavioral Data Collection

Posted in Marketing and Consumer Privacy

By Robert J. Driscoll, Paul Glist and Jennifer Small

On July 2, 2009, a group of advertising industry associations published the Self-Regulatory Principles for Online Behavioral Advertising (PDF)—a set of guidelines concerning the collection and use of online behavioral data by advertisers, service providers, publishers and ad networks.

The principles, drafted by the American Association of Advertising Agencies (4A’s), the Association of National Advertisers (ANA), the Direct Marketing Association (DMA), the Interactive Advertising Bureau (IAB) and the Council of Better Business Bureaus (BBB), focus on the areas that the Federal Trade Commission (FTC) has identified as desirable for industry self-regulation.  The principles set forth recommended practices for providing consumers with greater control over online behavioral advertising.

These proposed self-regulatory principles arise against a backdrop of growing political and consumer awareness of privacy issues.  FTC Chairman Jon Leibowitz has twice warned the industry that it is facing the “last clear chance” to avoid specific governmental regulation.  The FTC has stepped up enforcement action in the area, recently proposing an order against Sears that treats formal notices of Web tracking buried in fine print as “unfair” or “deceptive” under current law.

This advisory provides a brief overview of the new ... Continue Reading