Privacy

Subscribe to Privacy via RSS

What the FTC Wants, the FTC (Mostly) Gets

In recent weeks the Federal Trade Commission has been on a tear. As one example, on July 22 it announced a $700 million settlement with Equifax for “the 2017 data breach that jeopardized the personal data of a staggering 147 million people.” But it is a decision earlier this year that is perhaps more ominous, at least regarding personal liability for directors and officers (“D&Os”).

On February 27, 2019, after announcing a $5.7 million settlement with TikTok for various privacy violations relating to its lip-syncing app, two of the five FTC commissioners, Rebecca Kelly Slaughter and Rohit Chopra, issued this joint statement:

When any company appears to have made a business decision to violate or disregard the law, the Commission should identify and investigate those individuals who made or ratified that decision and evaluate whether to charge them. As we continue to pursue violations of law, we should prioritize uncovering the role of corporate officers and directors and hold accountable everyone who broke the law.

This approach appears to have some traction with the current FTC Chairman, Joe Simons, and the Bureau of Consumer Protection Director, Andrew Smith, who both discussed Slaughter and Chopra’s statement at the 2019 International Association of Privacy Professionals Global Privacy Summit. Smith described naming D&Os as a “way to make companies take notice that [the FTC] is serious about compliance.”
Continue Reading Recent FTC Enforcement Actions

Does your business collect personal information from residents in California? Does it monitor user activity on its website? If so, there is a good chance it will need to comply with the California Consumer Privacy Act (“CCPA”), which takes effect January 1, 2020.

Following the European Union’s implementation of GDPR, California adopted the CCPA, which

This past Wednesday, the Senate Commerce Committee held another hearing on consumer data privacy, this time giving voice to prominent privacy advocates. Previous testimony in September from leading technology businesses focused on concerns with the complexity of having to comply with a patchwork of different state privacy regulations, broad definitions of “personal information” in the California Consumer Privacy Act (CCPA), and a desire to see Federal legislation enacted that would preempt state laws and create a single, unified US privacy law.

While a national privacy law would simplify compliance, in Wednesday’s hearing Nuala O’Connor, the President and CEO of the Center for Democracy & Technology, cautioned the committee that the “price of preemption would be very, very high”, and Laura Moy, Executive Director and Adjunct Professor of Law at the  Georgetown Law Center on Privacy & Technology, laid out in her written testimony six strong recommendations that we should expect to see in any proposed national standard:
Continue Reading The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates

About the Global Privacy & Security Blog

Learn More

Contracts, laws and regulations require privacy compliance, and good business practices demand it. This blog is designed to inform our clients and readers about developing privacy issues and regulatory updates, and provide alerts on cyber security stories and data breaches that impact various data privacy and security requirements.