You are here

Federal Trade Commission

Wyndham Settles Data Breach Charges in Precedent-Setting Agreement With FTC

The hotel chain Wyndham Worldwide Corp. has settled data breach charges with the Federal Trade Commission, Reuters' Jonathan Stempel reports. The case was precedent setting because it was a test of the FTC's power to regulate data breaches as unfair or deceptive trade practices.

In the settlement, Wyndham must "establish a comprehensive information security program designed to protect cardholder data including payment card numbers, names and expiration dates," Stempel reports. The regulatory action was taken for breaches in which customers' credit card numbers were stolen.

Court Affirms FTC Authority to Regulate Cybersecurity Issues

The Federal Trade Commission has the authority to regulate lax cybersecurity as an unfair business practice, the U.S. Court of Appeals for the Third Circuit has ruled, Bank Info Security's Tracy Kitten reports. Hotel chain Wyndham Worldwide Corp. was sued by the FTC for allegedly having inadequate security measures to protect consumer data, which the agency said violated the FTC Act's unfair business practice provisions.

Cybersecurity attorney Chris Pierson said the case "'is a seminal case for the FTC for the proposition that the FTC has the power and ability to oversee cybersecurity breach issues as the nation's default regulator."'

White House Releases Watered-Down Privacy Bill

The White House released a proposed bill to protect consumers' digital privacy, the Washington Post's Andrea Peterson reports, but the bill may not be strong enough. The Federal Trade Commission said that the legislation wouldn't provide "strong and enforceable protections" for consumer privacy. The bill would allow industries to develop their own privacy codes of conduct, which the FTC could then enforce. But the bill would preempt state laws dealing with data collection and handling and could preempt state laws like California's that have more stringent standards than at the federal level for data breaches, the privacy of minors and other consumer protection laws. The Recorder's Cheryl Miller notes that a private right of action is explicitly rejected, but that state attorneys general as well as the FTC would have enforcement authority.

FTC Chairwoman Raises Concerns About Internet of Things

Edith Ramirez, chairwoman of the Federal Trade Commission, speaking at the International CES tech event, said that privacy by design should be incorporated into products, including to ensure data security for homes outfitted with smart devices, the New York Times reports: "Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things." The chairwoman also called for tech firms to collect only the "personal data they need for a specific purpose and delete it permanently afterward."

Court Rules FTC Has Authority Over Lending by American Indian Tribes

A Nevada federal judge has ruled that the Federal Trade Commission can sue payday lenders, even if they are affiliated with American Indian tribes, the Legal Times reports. The judge ruled "that the FTC Act is a statute of general applicability, one that does not include an exception for Indian tribes," the Legal Times further reported. Tribes argue that they are sovereign and free from regulation by state governments and the U.S. federal government.

Federal Trade Commission Set to Regulate Your Spying Coffee Pot

The Federal Trade Commission is set to regulate connected devices that share consumer data. Or as GigaOm more pithily says it: the Internet of Things. Why does this matter? GigaOm reports: "There are two issues at play here, one being the privacy of consumer data and the other being the security of the networks delivering that data. The privacy issue, however, also contains a security dimension since the devices can share things that affect a person’s safety — such as where they live and whether or not they are home."

Moreover," EPIC, the Electronic Privacy Information Center, argues that the privacy implications of connectivity start with the devices, which could allow a person to be tracked continuously across a variety of networks," GigaOm also reports.

GigaOm's Stacey Higginbotham argues for a middle ground between stifling a new industry and consumer privacy.

Subscribe to RSS - Federal Trade Commission