FTC Releases 2017 Privacy And Data Security Update

Yelena Kotlarsky
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

On January 18, 2018, the Federal Trade Commission (“FTC”) released its annual report describing the agency’s activities over the past year in the areas of enforcement, advocacy, workshops, consumer education and business guidance, and international engagement.

With respect to enforcement, the FTC highlighted 10 privacy cases and three data security cases that it brought in 2017. The cases covered a range of different companies, including a “smart” television manufacturer, tax preparer, college rewards program, and transportation service provider.

On the international enforcement front, the FTC emphasized that it brought its first three actions enforcing the EU-U.S. Privacy Shield in 2017. The EU-U.S. Privacy Shield provides a legal mechanism for companies to transfer personal consumer data from the European Union to the United States. All three companies claimed that they were certified to participate in the EU-U.S. Privacy Shield, however, the FTC found that they failed to complete the certification. Similarly, three other companies settled with the FTC for falsely claiming that they participated in the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules System, a voluntary initiative that helps protect information transferred among the participating APEC member countries.

As for workshops, advocacy, and publications, the FTC described efforts to educate businesses and consumers on privacy and security issues related to a wide variety of topics ranging from internet of things devices, peer-to-peer payment systems and crowdfunding platforms, artificial intelligence and blockchain technologies, connected cars, and student privacy. These areas are likely to become a focus of FTC enforcement in the future.

A helpful resource for the FTC’s guidance on privacy and security issues is its blog series, Stick with Security, which is highlighted in the agency’s report. The blog offers insights and lessons to be drawn from recent law enforcement actions, closed investigations, and experiences of various companies. Companies looking for additional guidance can also consult the FTC’s newly released videos describing topics such as how the NIST Cybersecurity Framework aligns with the FTC’s work on data security, how to respond if your business is impersonated in a phishing scam, how businesses can defend against ransomware, using email authentication to prevent phishing emails from getting through to customers, and steps companies should take to respond to a data breach.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide