Federal Regulation : Privacy and Security Law Blog

Posted on July 16, 2008 by Ronald London

FTC "Reminder" About ID Theft Red Flag Compliance

Our recent Advisory Bulletin recounts how the FTC recently issued issued a gentle reminder that companies should be well along in getting their Identity Theft Red Flag programs in place in anticipation of the November 2008 compliance deadline. The FTC's notice announced that it also has launched an outreach effort to explain the rules, which included publication of a very general alert on what the rules require and what types of businesses must comply.

Tags: Federal Regulation, Identity Theft

Posted on January 25, 2008 by Ronald London

FTC Data Security Consent Decree Suggests Minimum Steps Companies Must Take

Posted by Ronald London

The FTC recently announced a consent decree with online retailer Life is good (www.lifeisgood.com) that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered such reassurances but failed to have in place sufficient measures (from the FTC's view) to back them up, based on the ability of a hacker to use SQL injection attacks on Life is good’s website to access consumers' credit card numbers, expiration dates, and security codes. To resolve allegations in a draft complaint the FTC had prepared alleging unfair trade practices, Life is good settled the claims by entering a consent decree requiring it to adopt a comprehensive information-security program and obtain biennial audits by an independent third-party security professional … for the next 20 years.

Tags: Federal Regulation, Financial Institutions, Identity Theft, Internet, Personal Privacy, Security Breaches, Security Measures

Posted on December 5, 2007 by Ronald London

FTC Announces "Crackdown" on Do-Not-Call Violators

Posted by Ronald G. London

The Federal Trade Commission recently announced that as a result of a new crackdown by the agency on violations of the National Do-Not-Call Registry (“NDNCR”) and related provisions of the FTC’s Telemarketing Sales Rule (“TSR”), it entered several consent decrees with multiple companies totaling $7.7 million in civil penalties, with one complaint still outstanding. The FTC brought the enforcement actions against Craftmatic (purveyor of adjustable beds and mobility assistance scooters) and affiliated entities through which it conducts telemarketing, ADT for TSR-violative actions by authorized third-party dealers of its security systems, Ameriquest Mortgage Company, Guardian Communications and its prerecorded call vendor U.S. Voice Broadcasting, and Global Mortgage Funding. Each of the first four companies and their affiliated entities entered consent decrees with the government and agreed to pay substantial civil penalties (amounts provided below) and to injunctive relief prohibiting them from engaging in similar violations in the future, while the FTC’s complaint for civil penalties and injunctive relief against Global was to be filed.

Tags: Federal Regulation, Spam

Posted on October 23, 2007 by Ronald London

FTC Changes Duration of National Do-Not-Call Registrations

Posted by Ronald London

The Federal Trade Commission today announced through a statement by Chairman Deborah Platt Majoras and in related testimony before Congress that it will not remove any telephone numbers from the National Do Not Call Registry (“NDNCR”) notwithstanding that it previously stated in adopting the NDNCR rules that such registrations are to last only five years. That decision was the result of deliberative consideration of constitutional and statutory imperatives not to unduly interfere with legitimate telemarketing, how long numbers remain registered on the various state do-not-call lists, and the fact that the telephone subscriber who places a number on this list may well move or otherwise change his or her number, leaving it to be “recycled” to a new subscriber who did not initially placed it on the NDNCR and may or may not want to be listed. Indeed, the record at the time reflected that 16% of all phone numbers change each year, and 20% of all Americans move each year. The FTC decided that, on balance, given the needs of legitimate telemarketing, the frequency with which telephone numbers are recycled, and the fact that not everyone would want their number on the NDNCR, five years was the appropriate duration for NDNCR listings. Consumers wishing their numbers to remain on the NDNCR would have to re-register before the five-year period lapsed.