Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Monthly Archives: August 2011

FTC Announces First-Ever COPPA Enforcement Action Against Mobile Apps

Posted in Marketing and Consumer Privacy

By David Silverman

The Federal Trade Commission (“FTC”) announced that it has obtained a consent decree requiring payment of a $50,000 penalty for violations of the Children’s Online Privacy Protection Act (“COPPA”) and FTC rules implementing it, marking its first-ever COPPA enforcement proceeding involving mobile phone applications (“apps”). The new app enforcement action follows in the wake of another FTC action brought this past spring involving “virtual worlds” that resulted in the largest COPPA civil settlement to date. The enforcement actions show an FTC branching out from traditional websites that may collect children’s personal information (“PI”), to newer media, even while it is in the midst of a proceeding weighing whether and how it should update the COPPA rules to address new platforms and online apps through which children’s PI can be collected....

House Subcommittee Approves Data Security Bill

Posted in Cyber and National Security

By Richard Gibbs

On July 20, 2011, the House Commerce, Manufacturing and Trade subcommittee approved the Secure and Fortify Electronic (SAFE) Data Act (“SAFE Data Act” or “Act”) in a voice vote. The text of the bill is available here. The measure will now move to the full Energy and Commerce Committee for consideration. The bill would establish a national standard for when companies are required to notify consumers that their unencrypted personal information has been accessed or acquired and for notifying the Federal Trade Commission (“FTC”) and law enforcement of a security breach.

The bill applies to all persons and companies subject to the jurisdiction of the FTC and any tax-exempt organizations under Section 501(c) of the Internal Revenue Code; however, entities subject to HIPAA and Gramm-Leach-Bliley will be exempt from the Act in certain circumstances. Under the current version, only data containing personal information related to commercial activity is protected. Personal information is defined as the consumer’s name, or address or phone number combined with one or more of the following pieces of information: social security number, government identification number (e.g., driver’s license number), or financial account identification number (if the codes or passwords needed to ...