FTC Releases “Best Practices” to Improve Mobile Device Security On February 28th, the Federal Trade Commission (“FTC”) released a report that offers several recommendations on ways to improve the security of mobile devices.  In a press release accompanying the report, Tom Pahl, the Acting Director of the FTC’s Bureau of Consumer Protection, stated that “more needs to be done to make it easier for consumers to ensure their devices are secure.”  The FTC’s recommendations center around the ongoing need to patch vulnerabilities.  View Full Post
Lyft recently confirmed that it is investigating whether its employees were accessing its customer database without appropriate authorization to obtain personal information, including rides taken by Facebook CEO Mark Zuckerberg.  The investigation was announced less than six months after Uber entered into a Federal Trade Commission (FTC) consent order to resolve allegations of similar behavior by its own employees. View Full Post
Last week, the Office of the Comptroller of the Currency (OCC) released its semiannual risk report highlighting credit, operational, and compliance risks to the federal banking system. The report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource by those financial institutions to address the key concerns identified by the OCC.  View Full Post
  Last week, the OCC released its semiannual risk report highlighting credit, operational, and compliance risks to the federal banking system.  The report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource by those financial institutions to address the key concerns identified by the OCC.  View Full Post
OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system.  The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC.  View Full Post
The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television manufacturer), Blue Global (lead generator), Upromise (college rewards program), ACDI Group (an alleged debt buyer), TaxSlayer (tax preparation service), and D-Link (wireless routers and Internet cameras).  View Full Post
This week, New York Governor Andrew Cuomo issued a press release directing the New York Department of State to issue a new regulation impacting consumer reporting agencies.  The new regulation was adopted on an emergency basis and went into immediate effect in order to protect consumers from identity theft and other potential economic harms that may arise following a data breach. View Full Post
The CFPB has released a set of “Consumer Protection Principles” for participants “in the developing market for services based on the consumer-authorized use of financial data.”  According to the CFPB, the principles “do not themselves establish binding requirements or obligations relevant to the Bureau’s exercise of its rulemaking, supervisory, or enforcement authority” and “are not intended as a statement of the Bureau’s future enforcement or supervisory priorities.”  Rather, the CFPB describes the principles as “express[ing] the Bureau’s vision for realizing a robust, safe, and workable data aggregation market that gives consumers protection, usefulness, and value” and are intended “to help safeguard consumer interests as the consumer-authorized aggregation services market develops.” In November 2016, the CFPB issued a request for information about market practices related to consumer access to financial information.  View Full Post
The FTC has announced that it will host a workshop on December 12, 2017 in Washington, D.C. to examine consumer injury in the context of privacy and data security. In the workshop, the FTC plans to examine questions about the injury consumers suffer when information about them is exposed or misused such as “how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the tradeoffs involved in collecting, using, or providing information while also potentially increasing their exposure to injuries.” The types of consumer harm that flow from data security and privacy breaches has significant implications both for government enforcement and private actions.  View Full Post