As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new
Continue Reading FCC Orders Far-Reaching New Privacy and Data Security Rules
The Federal Trade Commission (FTC) recently approved a new method for website operators and mobile application developers (“operators”) to obtain parental consent to collect personal information from children.1 Under this new method, which is the first to use biometric identifiers to verify that a parent is providing consent for a child, the FTC will permit operators to use facial recognition technology to compare an image of the person providing consent with an image of verified photo identification, such as a drivers’ license or passport. If the two images match, the user is verified and can provide consent for the child to use the website or mobile application.
Continue Reading FTC Approves Facial Recognition as Method of Obtaining Parental Consent to Collect Children’s Information
On December 17, 2015, the Federal Trade Commission (FTC) announced its first Children’s Online Privacy Protection Act (COPPA) enforcement actions challenging the use of persistent identifiers to engage in targeted advertising to children. The FTC
Continue Reading WSGR Alert: FTC Brings First Enforcement Actions Against Kids Apps Using Persistent Identifiers for Targeted Advertising
California Attorney General Kamala Harris recently announced a settlement with Houzz Inc., a home design website, over allegations that the company failed to notify individuals that it was recording their phone calls with the company.1 While the settlement included the payment of $175,000 in penalties and fees, it also included the surprising requirement that Houzz appoint a “Chief Privacy Officer” or similar employee responsible for privacy compliance at the company. This settlement is the first time a U.S. privacy regulator has specifically included such a requirement in a privacy settlement, and it signals the importance to the California Attorney General of companies having executive management oversight for a privacy program.
Continue Reading California Attorney General Includes Chief Privacy Officer Requirement in Data Privacy Settlement
On September 9, 2015, the Federal Trade Commission (FTC) held its first “Start with Security” conference at the University of California Hastings College of the Law in San Francisco. The conference was the first in a series of events hosted by the agency intended to provide additional guidance to businesses regarding how to keep consumers’ information secure.
The FTC’s San Francisco event was aimed primarily at start-ups and software developers, with panels focusing on building a culture of security, scaling security during periods of rapid growth, investing in security, vulnerability disclosure and response, and implementing security features. The panels were each moderated by a staff attorney from the FTC’s Division of Privacy and Identity Protection, with panelists hailing primarily from Silicon Valley tech companies. Each panel is summarized below.
Continue Reading FTC Begins “Start with Security” Conference Series
Companies have been pressing the Federal Trade Commission (FTC) for additional guidance on data security, and the agency recently delivered. On August 10, 2015, the FTC issued a public closing letter to Morgan Stanley Smith Barney LLC (Morgan Stanley) regarding the agency’s investigation into concerns that the company “fail[ed] to secure, in a reasonable and appropriate manner, account information related to Morgan Stanley’s Wealth Management clients.”1 In the context of data security investigations, closing letters—which explain why FTC staff opted to close an investigation—have the potential to offer helpful insights on what security measures the FTC considers to be reasonably designed to protect the privacy and security of personal information. Knowing what factors influenced the FTC staff’s decision to close an investigation in one instance is equally instructive as knowing why the staff decided to pursue an enforcement action in another.
Continue Reading FTC Closing Letter Confirms the Importance of Implementing Employee Access Controls