The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use their services create accounts with the company and are required to provide not only usernames and passwords but also Social Security numbers and government ID numbers. The company also collects financial account information as well as names and addresses. The company included in its marketing materials promises about security, including that it was the “cornerstone of what we do.” The company also made promises about its security in RFPs to prisons and jails.Continue Reading FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments

The FTC’s second attempt to pursue the data broker, Kochava, continues to move forward. The amended complaint, which was just unsealed and thus available for the public to review, gives insight into the agency’s perspective on the harm that results when companies create profiles with sensitive information, and use that information to target ads to individuals. The amended complaint provides more detail about Kochava’s alleged practices; allegations the company strongly disagreed with. (Thus, why it sought -unsuccessfully- to have it sealed.)Continue Reading Amended Kochava Complaint Gives Insight into FTC’s View of Harm from Data Profiles

The FTC recently amended the Safeguards Rule to make non-banking institutions such as mortgage brokers, motor vehicle dealers, and payday lenders notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. The FTC plans to provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. The FTC’s Safeguards Rule also requires non-banks to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.Continue Reading Impact of FTC Safeguard Rules Amendment on Breach Notification Timing

The FTC continues its focus and concern on use of technologies that integrate artificial intelligence, this time turning to potential consumer harm with voice cloning technology. Today the commission announced a challenge looking for solutions to help monitor and prevent malicious voice cloning. In the announcement, the FTC pointed to current scams where threat actors use cloned voices -created using AI tools- to conduct scams. For example, money requests from a person’s “relative.” The winner will receive a $25,000 prize, and entries will be accepted in the first weeks of January.Continue Reading FTC Vocalizes AI Voice Cloning Challenge

As many who are keeping track of generative AI developments are aware, the FTC recently announced that it is investigating OpenAI’s ChatGPT product. For the privacy practitioner this investigation is important given that among other things, the agency wants to understand better how OpenAI is using personal information, and if its privacy representations are sufficient.Continue Reading OpenAI – FTC OpensAnInvestigation

The FTC and OCR at HHS are continuing to scrutinize the use of tracking technologies that may reveal information about a person’s health or health status. Both agencies recently sent a letter to a reported 130 hospitals and telehealth providers warning about the use of tracking technologies and the risks they pose. This follows on the heels of other statements, guidance, and enforcement actions from these regulators about these tools over the past two years.Continue Reading Regulators Send Warning Letter to Hospitals and Telehealth Providers About Tracking Technology Use

With the ongoing BIPA litigation activity in Illinois surrounding collection of biometrics, it can be easy to forget that other issues might surround this practice. Last month the FTC reminded companies not to forget general privacy and data security concerns. Concerns as most know, it enforces under Section 5 of the FTC Act (which prohibits deception and unfairness).Continue Reading Don’t Forget Deception: FTC and Biometrics

The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security measures stemming from the company’s alleged failure to devote sufficient resources or attention to data security.Continue Reading FTC Action Against Drizly and CEO Provides Insight Into Its Security Expectations

Following its 2021 Dark Patterns enforcement policy, the FTC recently issued a staff report on the practice. The report summarized many of the cases the agency has brought against companies it alleges have engaged in “dark patterns” designed to “get consumers to part with their money or data.” These include using design elements that induce false beliefs, that delay important and material information, that lead to unauthorized charges, or that subvert or confuse privacy choices.Continue Reading FTC Renews Focus on Dark Patterns

The FTC recently announced an ambitious Advance Notice of Proposed Rulemaking (ANPR) broadly aimed at a host of privacy and data security issues. This is the first step by the agency to explore using its Section 18 rulemaking authority under the FTC Act to issue a broad consumer privacy-focused trade regulation rule. The ANPR poses 95 questions and various topics, ranging from collection of information from children, to consent, data security, biometrics, artificial intelligence, and automated decision-making. The ANPR is focused on the impact to consumers and as workers or employees in a business capacity.Continue Reading FTC Announces Proposed Rulemaking On Privacy and Data Security