FTC

Subscribe to FTC via RSS

Companies have been pressing the Federal Trade Commission (FTC) for additional guidance on data security, and the agency recently delivered. On August 10, 2015, the FTC issued a public closing letter to Morgan Stanley Smith Barney LLC (Morgan Stanley) regarding the agency’s investigation into concerns that the company “fail[ed] to secure, in a reasonable and appropriate manner, account information related to Morgan Stanley’s Wealth Management clients.”1 In the context of data security investigations, closing letters—which explain why FTC staff opted to close an investigation—have the potential to offer helpful insights on what security measures the FTC considers to be reasonably designed to protect the privacy and security of personal information. Knowing what factors influenced the FTC staff’s decision to close an investigation in one instance is equally instructive as knowing why the staff decided to pursue an enforcement action in another.
Continue Reading FTC Closing Letter Confirms the Importance of Implementing Employee Access Controls

ThinkstockPhotos-504041382-webThe Federal Communication Commission’s (FCC’s) newly promulgated Open Internet rules (2015 rules)—also known as the net neutrality rules—went into effect on June 12, 2015.1 The new rules apply specifically to broadband Internet access service providers, and not to Internet content, application, and device providers (edge providers). Nonetheless, by design, the rules will have a potentially far-reaching impact on edge providers’ and consumers’ rights and the avenues for redress in the face of harm inflicted by broadband providers. To date, the FCC has yet to receive any formal complaints from companies, though those may well be in the offing, according to some media reports and public statements.2
Continue Reading FCC Open Internet Rules Contain Important New Privacy, Data Security, and Transparency Measures

ThinkstockPhotos-503916682-webOn July 10, 2015, the Federal Communications Commission (FCC) released its long-anticipated Declaratory Ruling and Order1 addressing twenty-one petitions and requests seeking clarification of, and relief from, various provisions of the Telephone Consumer Protection Act (TCPA) and the FCC’s implementing regulations.2 The order provides some much-needed clarity in certain areas, but commentators have generally concluded that the order has broadened the reach of the TCPA and inserted uncertainty in other areas, making calling or texting consumers an increasingly risky business practice.
Continue Reading FCC Issues Omnibus TCPA Declaratory Ruling and Order Addressing Numerous Issues Regarding Calling and Texting Consumers

The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider COPPA when developing and testing mobile apps can have serious consequences.
Continue Reading COPPA Looms Large for Mobile Apps

On July 28, 2014, the Federal Trade Commission (FTC) issued a staff report on “mobile cramming”—the unlawful practice of placing unauthorized third-party charges on mobile phone accounts. The report recommended five best practices primarily directed to mobile carriers but at times also directed to merchants and billing intermediaries. This report follows a number of FTC enforcement actions to combat mobile cramming, as well as a May 2013 mobile cramming roundtable convened by the FTC and attended by industry participants, consumer advocates, and regulators. Following the roundtable, the four largest mobile carriers said that they would discontinue most “Premium SMS” billing, in which a consumer purportedly authorizes a third-party charge by texting a five or six-digit number. Nonetheless, the report emphasized that the consumer protection principles embodied in its recommendations apply to any form of carrier billing (i.e., charging a good or service directly to a mobile phone account), including direct carrier billing.
Continue Reading FTC Issues Carrier Billing Recommendations to Protect Consumers Against Mobile Cramming

Federal regulators released guidance in the first half of 2014 that should provide comfort to businesses that are considering sharing information relating to cybersecurity risks with other companies and the government. Although these advisory opinions are nonbinding and do not carry the force of law, they provide strong indications of the priorities of the U.S. Department of Justice (DOJ) and Federal Trade Commission (FTC) with respect to facilitating the ability of businesses to engage in cybersecurity risk mitigation. Notably, under the recent guidance, the federal regulators suggest that antitrust and electronic communications privacy concerns, which may have previously made businesses hesitant to share certain information relating to cybersecurity risks, should not preclude business-to-business or business-to-government information sharing that is tailored to mitigate these risks.
Continue Reading Federal Agencies Reduce Barriers to Cyber Threat Information Sharing