CFPB Acting Director Mick Mulvaney reportedly announced on Thursday that he was lifting the freeze on the CFPB’s collection of personally identifiable information (PII) from companies it supervises. ...
Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...
5/25/2018 / Cybersecurity, Data Processors, Data Protection, EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Personally Identifiable Information, Regulatory Oversight, Regulatory Requirements, Risk Management
Influencer marketing is the popular practice of using individuals with large social media audiences—known as "influencers"—to advertise products and services through their social media accounts....
10/4/2017 / Advertising, Brand, Celebrity Endorsements, Disclosure Requirements, Endorsements, Facebook, Federal Trade Commission (FTC), FTC Endorsement Guidelines, Influencers, Instagram, Marketing, Misrepresentation, Online Endorsements, Snapchat, Social Media, Twitter, Websites, YouTube
The Federal Trade Commission (“FTC”) released an updated version of its guidance on complying with the Children’s Online Privacy Protection Act (“COPPA”) on June 21, 2017. Companies that collect personal information from...
7/3/2017 / COPPA, Data Collection, Data Protection, Federal Trade Commission (FTC), Mobile Apps, Notice Requirements, Online Safety for Children, Parental Consent, Personally Identifiable Information, Privacy Policy, Websites
In its latest effort to address security concerns about Internet of Things (IoT) devices, the Federal Trade Commission (FTC) has submitted public comments to the National Telecommunications and Information Administration's...
President Trump recently signed the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order sets forth the Trump Administration's policy for cybersecurity of...
5/18/2017 / Critical Infrastructure Sectors, Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Protection, Executive Orders, Hackers, Popular, Risk Management, Trump Administration
The CFPB recently released a “Special Edition” of its Supervisory Highlights that focuses exclusively on data accuracy issues in consumer credit reporting and the handling and resolution of consumer disputes. The report...
If you or your third-party providers are engaged in cross-device tracking, you must adequately disclose the practice to your end users, provide them control over their information, and exercise care when collecting sensitive...
1/26/2017 / Advertising, Data Collection, Disclosure Requirements, Federal Trade Commission (FTC), FTC Act, Marketing, Mobile Devices, Section 5, Technology, Tracking Systems, Transparency, Web Tracking
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...
11/7/2016 / Breach Notification Rule, Business Associates, Cloud Computing, Cloud Service Providers (CSPs), Covered Entities, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Medical Records, Encryption, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), OCR, PHI, Risk Assessment, Service Agreements
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...
10/21/2016 / Advanced Notice of Proposed Rulemaking (ANPRM), Cyber Attacks, Cybersecurity, FDIC, Federal Reserve, FFIEC, Financial Institutions, Financial Services Industry, Hackers, Handbooks, Incident Response Plans, OCC, Risk Management
In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...
10/18/2016 / Best Practices, Data Protection, Data Transfers, Disclosure Requirements, General Data Protection Regulation (GDPR), Information Commissioner's Office (ICO), Internet of Things, Notice Requirements, Privacy Policy, Third-Party Risk, UK, Websites
A goal of providing effective disclosures to consumers is to allow consumers to make informed decisions. But what must be done to make disclosures effective? This was the question the Federal Trade Commission (FTC) explored...
9/27/2016 / Advertising, Banking Sector, Consumer Financial Products, Consumer Financial Protection Bureau (CFPB), Disclosure Requirements, Federal Trade Commission (FTC), Financial Institutions, Mobile Apps, Mobile Devices, Native Advertising, Popular, Social Media, Social Networks, Tracking Systems, Video Games, Warner Brothers Entertainment
The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5...
8/15/2016 / Administrative Law Judge (ALJ), Data Breach, Data Security, Enforcement Actions, Federal Trade Commission (FTC), File Sharing, FTC Act, Health Insurance Portability and Accountability Act (HIPAA), LabMD, Likelihood of Harm, p2p, Popular, Section 5
The Telephone Consumer Protection Act (TCPA) and a 2015 omnibus Declaratory Ruling and Order (2015 Order) interpreting the TCPA issued by the Federal Communications Commission (FCC) have recently faced additional challenges...
The federal body tasked with creating standards for the uniform regulation of financial institutions has released new information to assist examiners in evaluating mobile services offered by financial institutions and their...
The Pennsylvania Superior Court has affirmed a trial court's decision denying class certification in a data breach case against two health plans, reversing its own earlier ruling in the same case that the plaintiff did not...
Following the trend of federal agency interest in fostering (and potentially regulating) innovation in the field of financial technology (FinTech), the Office of the Comptroller of the Currency (OCC) released the white paper...
The Federal Trade Commission (FTC) has issued orders to obtain information about the process by which businesses audit their compliance with the Payment Card Industry Data Security Standards (PCI DSS) and the role of such...
The European Commission (EC) has released details of the EU-U.S. Privacy Shield, a new framework under which personal data may be transferred from the European Union (EU) to the United States. The Privacy Shield replaces the...
The Judicial Redress Act (Act), signed into law on February 24, 2016, by President Obama, extends the privacy protections offered to U.S. citizens under the Privacy Act of 1974 to citizens of "covered countries" overseas....
President Obama's Cybersecurity National Action Plan (CNAP), a comprehensive plan to address the nation's cybersecurity challenges through increased funding, a more robust cybersecurity workforce, and education initiatives,...
The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have released Interim Guidance Documents (Guidance Documents) to implement the Cybersecurity Information Sharing Act of 2015 (CISA). The Act...
As consumers increasingly turn to mobile devices to pay their bills, shop online, and order rides and other services, a number of legal and practical questions emerge. Who regulates mobile financial services offered by...
The European Commission (EC) and the U.S. Department of Commerce have reached an agreement to create a framework for transfers of personal data from the European Union to the United States. The framework, named the EU-U.S....
A new Federal Trade Commission (FTC) report, "Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues," warns that certain uses of big data consisting of consumer information may implicate various federal...