Security, Privacy and Information Governance

Category: FTC

Page 2 of 4

Agenda and Panelists Announced for FTC’s Information Injury Workshop in December


The Federal Trade Commission released the agenda and panelists for the Information Injury Workshop which will be held on December 12.

As we covered in a previous DBR on Data post, the goal of the workshop is to explore how to characterize information injuries, how to accurately measure such injuries, and their prevalence.  In addition, panelists will discuss what factors businesses and consumers consider when evaluating the tradeoffs between providing information and potential exposure to injuries.

The panelists come from a variety of fields and disciplines, including information technology, privacy and data security, business, academia, legal and nonprofit fields.

The full agenda and list of panelists is available at this link. The workshop is free and open to the public and will also be available via live webcast through the FTC’s website.

“Hey toy – can you …”


The Federal Trade Commission provided additional guidance on how the Children’s Online Privacy Protection (COPPA) Rule, 16 C.F.R. Part 312, applies to the practice of collecting audio files that contain a child’s voice, immediately converting the audio to text, and deleting the files containing the voice recording triggers COPPA’s requirements.

The FTC guidance provides that it will not take enforcement action against operators who collect audio files without first obtaining verifiable parental consent in situations where the child’s voice is being used solely as a replacement for written words, such as to convert voice to text in order to perform a search and other function on internet-connected devices.

Continue reading

First Annual Review of the Privacy Shield Framework


The European Commission published its first annual report on the functioning of the EU-U.S. Privacy Shield, which protects the personal data transferred from the EU to companies in the U.S. for commercial purposes. The report was released on October 18, 2017.

The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the U.S. from the EU in a way that is consistent with EU law.  The framework is based on a certification system by which U.S. companies commit to adhere to a set of Privacy Shield Principles.   To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the   Principles. A company’s failure to comply with the Principles is enforceable under Section 5 of the FTC Act, which prohibits unfair or deceptive acts.   The key requirements for participating companies include:

  • Informing individuals about data processing
  • Providing free and accessible dispute resolution
  • Cooperating with the Department of Commerce
  • Maintaining data integrity and purpose limitations
  • Ensuring accountability for data transferred to third parties
  • Transparency related to enforcement actions
  • Ensuring commitments are kept as long as data is held

Continue reading

FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology


The Federal Trade Commission (FTC) and the U.S. Department of Education (ED) will co-host a live workshop on December 1, 2017 highlighting two intersecting regulatory regimes: the FTC’s rules implementing the Children’s Online Privacy Protection Act (COPPA), which applies to K-12 schools and to children under the age of 13, and the simultaneous application of the Family Education Rights and Privacy Act (FERPA), which also applies to schools and is administered by ED.

Continue reading

Mark your calendars! FTC Workshop on Information Injury set for December


The Federal Trade Commission’s (FTC) Bureaus of Consumer Protection and Economics will host a workshop to examine consumer injury in the context of privacy and data security on Dec. 12, 2017.   Consumer injury is often difficult to quantify generally and especially challenging when there are allegations of a privacy or data security breach or other types of unauthorized access to personal information.  The FTC’s workshop will explore how to measure accurately such injuries; what frameworks might be used to assess different injuries as well as how consumers and businesses evaluate the benefits and costs associated with providing, collecting and using personal information.

Continue reading

Equifax Breach: Good Data Security Practices Matter


The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it.  News reports indicate that federal agencies, including the FTC, and a number of  state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.

Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.

Continue reading

« Older posts Newer posts »

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy