On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, among other things, failed to implement reasonable security measures, and misrepresented that it would use email addresses for order notification and receipt, when in fact it used email addresses for marketing purposes. As part of the proposed settlements with Residual Pumpkin and Planet Art, each is required, among other things, to implement, annually assess, test, and monitor a comprehensive written information security program. Residual Pumpkin also would be required to pay a $500,000 penalty.
Continue Reading FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices
Roger Li
FTC Releases Updated Safeguards Rule for Financial Institutions
By Libby Weingarten & Roger Li on
Posted in Privacy
On October 27, 2021, the Federal Trade Commission (FTC) released a final rule that updates the Safeguards Rule of the Gramm-Leach-Bliley Act (Final Rule). This Final Rule comes after the FTC sought comment on proposed changes to the Safeguards Rule in 2019 and held a public workshop in 2020.
Continue Reading FTC Releases Updated Safeguards Rule for Financial Institutions