Category Archives: Privacy

FTC Says “Stalking” Apps Violate COPPA and the FTC Act

By Sheila Millar and Tracy Marshall on October 30, 2019 Posted in Privacy

You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).… Continue Reading

Reevaluating the COPPA Rule

By Sheila Millar on October 22, 2019 Posted in Privacy

In the two decades following the enactment of the Children’s Online Privacy Protection (COPPA) Rule, technological developments have changed the online landscape considerably. Recognizing this, the Federal Trade Commission (FTC) held a public workshop on October 7, 2019, to discuss whether, given the proliferation of smart devices, video games, online channels, and EdTech, the Rule,… Continue Reading

Equifax to Pay Largest-Ever Data Breach Settlement

By Sheila Millar and Tracy Marshall on July 25, 2019 Posted in Advertising, Privacy

The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700… Continue Reading

FTC Continues Enforcement of False Privacy Shield Claims

By Sheila Millar and Tracy Marshall on June 20, 2019 Posted in Privacy

Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over the… Continue Reading

FTC Settles Lax Data Security Charges with Software Seller

By Sheila Millar and Tracy Marshall on June 17, 2019 Posted in Privacy

The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in… Continue Reading

Website Hacks Result in FTC Actions for Lax Security

By Sheila Millar and Tracy Marshall on May 17, 2019 Posted in Privacy

After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,… Continue Reading

EDPB Advises on Overlap Between the ePrivacy Directive and GDPR

By Sheila Millar and Tracy Marshall on May 9, 2019 Posted in Privacy

The European Data Protection Board (EDPB) has weighed in on the interplay between the General Data Protection Regulation (GDPR) and the ePrivacy Directive in response to questions from the Belgian Data Protection Authority (DPA). Addressing how and when each set of rules applies to processing data, the EDPB stated that “these questions concern a matter… Continue Reading

Significant Changes Ahead for COPPA?

By Sheila Millar and Tracy Marshall on March 27, 2019 Posted in Cybersecurity, Privacy

As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting… Continue Reading

California Consumer Privacy Act: Your at-a-glance guide to key business obligations

By Sheila Millar and Tracy Marshall on March 25, 2019 Posted in Privacy

The California Consumer Privacy Act of 2018 (CCPA) gives California residents new rights and imposes new obligations on companies doing business in California, effective January 1, 2020. Keller and Heckman LLP Privacy and Security Partners Sheila Millar and Tracy Marshall have provided an overview to help businesses understand the new requirements. Since publication of the… Continue Reading

Sheila Millar and Boaz Green Author Law360 Article “CPSC Is Shifting Toward Voluntary Standards”

By Sheila Millar and Boaz Green on February 7, 2019 Posted in Cybersecurity, Privacy, Product Safety

Sheila Millar and Boaz Green discuss CPSC’s activities in 2018 and give their predictions on possible agency actions in the coming year in the Law360 article “CPSC Is Shifting Toward Voluntary Standards” (Feb. 6). Law360 featured the article in its newsletter sections for Consumer Protection, Cybersecurity, and Product Safety. To read the full article, click… Continue Reading

FTC Releases Cybersecurity Resources for Small Businesses

By Sheila Millar and Tracy Marshall on October 24, 2018 Posted in Cybersecurity, Data Security, Privacy

Small businesses face the same cybersecurity risks as large multinationals but lack a large IT infrastructure to help protect themselves. At the direction of former Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen, the FTC launched a new cybersecurity campaign aimed at helping small businesses navigate the ever-evolving cyber landscape, coordinated with the Department of… Continue Reading

Agency Comings and Goings

By Sheila Millar, Tracy Marshall and Boaz Green on September 27, 2018 Posted in Data Security, Privacy, Product Safety

This week has seen several significant changes at the Commission level at both the Consumer Product Safety Commission (CPSC) and the Federal Trade Commission (FTC). CPSC After several months of stasis, the Senate voted to confirm Peter Feldman as a Commissioner on the CPSC, with a term expiring October 26, 2019. Feldman takes the place… Continue Reading

NIST Launches Development of Voluntary Privacy Risk Management Framework

By Sheila Millar and Tracy Marshall on September 13, 2018 Posted in Cybersecurity, Data Security, Privacy

The National Institute of Standards and Technology (NIST) has launched a collaborative effort to develop a voluntary framework that will help organizations manage privacy risks and protect consumer privacy when developing and using innovative technologies. According to NIST, a robust cybersecurity program can help manage risks, but organizations need customizable tools for addressing the challenges… Continue Reading

FTC Approves ESRB’s Updated COPPA Safe Harbor Program

By Sheila Millar and Tracy Marshall on August 17, 2018 Posted in Data Security, Privacy

The Federal Trade Commission (FTC) approved modifications to the video game industry’s Children’s Online Privacy Protection Act (COPPA) program. Earlier this year, the Entertainment Software Ratings Board (ESRB) proposed several substantive changes intended to take account of recent FTC COPPA rules and guidance. To receive FTC approval, COPPA safe harbor programs must “implement substantially similar… Continue Reading

California Company Settles with FTC over Alleged Privacy Shield Misrepresentations

By Sheila Millar and Tracy Marshall on July 16, 2018 Posted in Data Security, Privacy

If a company claims to be certified under the EU-U.S. Privacy Shield framework when it hasn’t even completed the paperwork, the Federal Trade Commission (FTC) isn’t likely to let it slide. ReadyTech, a California-based online training services company, made such a claim on its website, in violation of the FTC Act’s prohibition against deceptive acts… Continue Reading

State Data Breach Notification Laws – Overview of Requirements for Responding to a Data Breach – Updated July 2018

By Sheila Millar and Tracy Marshall on July 10, 2018 Posted in Data Security, Privacy

With the ever-changing complexity of state data breach notification laws, companies facing a data breach need resources that will help them understand the issues. This summary provides an overview of the similarities and differences in data breach laws adopted in the 50 United States and the District of Columbia and includes laws enacted since our… Continue Reading

Online Talent Company Settles with FTC Over Alleged COPPA Violations

By Sheila Millar and Tracy Marshall on February 9, 2018 Posted in Data Security, Privacy

Online talent search company Explore Talent just landed in the spotlight of the Federal Trade Commission (FTC). The Vegas-based company was charged with violating the Children’s Online Privacy Protection Act (COPPA), which requires that companies collecting information online must obtain informed, verifiable parental consent before collecting any information from a child under 13. The company… Continue Reading

Internal Reforms Announced for FTC’s Bureau of Consumer Protection

By Sheila Millar and Tracy Marshall on July 19, 2017 Posted in Privacy

The Federal Trade Commission’s Bureau of Consumer Protection is about to undergo reform, according to FTC Acting Chairman Maureen Ohlhausen. In a press release issued on July 17, the FTC stated that the changes are part of an ongoing initiative to simplify information requests and improve transparency that began last April, when Ohlhausen announced new… Continue Reading

FTC Announces Date for PrivacyCon 2018 and Call for Presentations

By Sheila Millar and Tracy Marshall on June 12, 2017 Posted in Privacy

The Federal Trade Commission (FTC) has announced that its third annual PrivacyCon will take place in Washington, D.C., on February 28, 2018. The conference will bring together researchers, academics, industry representatives, consumer advocates, and government representatives to explore an array of consumer privacy and data security issues, with a particular focus on emerging technologies, such… Continue Reading

Are Your Security Tools Up to Date?

By Sheila Millar and Tracy Marshall on May 22, 2017 Posted in Cybersecurity, Data Security, Privacy

The effects of the massive cyberattack using ransomware known as “Wanna Cry” are still being felt all over the world. Tens of thousands of organizations have been infected, including the UK’s National Health Service, which ran some services on an emergency-only basis the day the attack began in earnest. Some security experts surmise that the… Continue Reading

New Mexico Enacts Data Breach Notification Law; Tennessee Reinstates Encryption Safe Harbor

By Tracy Marshall and Sheila Millar on April 28, 2017 Posted in Privacy

New Mexico is the 48th state to enact a data breach law. That law, the Data Breach Notification Act (HB15), is scheduled to take effect on June 16, 2017. Alabama and South Dakota are now the only states without a data breach notification law. The New Mexico law is like other state breach notification laws… Continue Reading