Publications
-
11.02.2023FTC Announces Data Breach Reporting Obligation Under GLBA Safeguards RuleUpdatesUnder an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.
-
09.11.2023A Deep Dive Into the SEC’s Materiality Trigger for Cybersecurity Incident DisclosuresBlogsThe U.S. Securities and Exchange Commission (SEC) adopted final rules relating to cybersecurity disclosure on July 26, 2023, which will take effect on December 18, 2023.
This blog has been republished in Insights, The Corporate & Securities Law Advisor. -
06.09.2023FTC Issues Policy Statement Regarding Biometric InformationUpdates
The FTC issued a policy statement on May 18, 2023, addressing privacy and data security concerns and the potential for bias and discrimination relating to the collection and use of biometric information. In the Biometrics Policy Statement, the FTC lists specific examples of business practices relating to biometric information that it will scrutinize under Section 5 of the FTC Act, which prohibits unfair or deceptive acts and practices.
-
05.26.2023FTC Hosts Panel Regarding Cloud Computing Business PracticesBlogsOn Thursday, May 11, 2023, the Federal Trade Commission hosted a panel to discuss questions relating to the cloud computing industry.
-
04.25.2023European Regulators Advance Artificial Intelligence InitiativesBlogsRecent weeks have seen action from various European regulators regarding artificial intelligence/machine learning (AI/ML) and algorithms.
-
03.29.2023FTC Requests Comments on Cloud Computing Business Practices With Potential Data Security ImpactsBlogs
The Federal Trade Commission (FTC) issued a press release and a request for information on March 22, 2023, soliciting comments from the public on cloud computing business practices, including issues related to market power, competition, and potential data security risks.
-
02.09.2023FTC Claims Sharing User Health Data With Advertising Platforms Is a “Security Breach”Updates
The Federal Trade Commission announced its first enforcement of the Health Breach Notification Rule against a digital health company, a case it brought against a company that shared user health data with third-party advertising platforms without the authorization of the affected users. This case signals the importance for digital health companies, whether or not covered by the Health Insurance Portability Accountability Act, of treating personal health information as sensitive and regulated by the HBNR and other FTC-enforced laws.
-
02.07.2023California Attorney General Targets Popular Mobile Apps in CCPA Enforcement SweepBlogs
As it did last year, the California Attorney General’s Office recognized Data Privacy Day by announcing its latest investigative sweep under the California Consumer Privacy Act (CCPA).
-
01.11.2023Four Data Security Safeguards the FTC Would Like Companies To Adopt in 2023UpdatesData security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.
-
09.06.2022FTC Sues Data Broker for Alleged Unfair Act of Selling Precise Geolocation DataUpdatesThe Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act.
-
08.16.2022FTC Kicks Off Wide-Ranging Privacy RulemakingUpdatesThe Federal Trade Commission released an advance notice of proposed rulemaking on “Commercial Surveillance and Data Security” on August 11, 2022. The ANPRM, approved on a 3-2 party line vote, is the initial step in a process that could result in the adoption of the first federal regulation addressing privacy, data security, and algorithmic discrimination across broad sectors of the U.S. economy.
-
05.19.2022What’s Next for Privacy at the FTC Following the Confirmation of Alvaro BedoyaUpdatesAlvaro Bedoya was sworn in as a commissioner of the U.S. Federal Trade Commission (FTC) on May 16, 2022.
-
04.12.2022FTC Chair Lina Khan Gives First Public Address Regarding PrivacyUpdatesFederal Trade Commission Chair Lina Khan spoke at the opening of the International Association of Privacy Professionals Global Privacy Summit on April 11, 2022, in Washington, D.C.
-
12.14.2021GLBA Safeguards Rule Updated to Impose New Data Security RequirementsUpdatesFollowing a 3-2 vote, the Federal Trade Commission recently announced amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act.
-
04.23.2021Supreme Court Rules FTC Cannot Obtain Monetary Relief Under Section 13(b)UpdatesOn April 22, 2021, in a unanimous decision, the U.S. Supreme Court in AMG Capital Management v. FTC held that the authorization to seek a “permanent injunction” under Section 13(b) of the Federal Trade Commission Act does not permit the FTC to obtain equitable monetary relief such as restitution and disgorgement. While the FTC may still seek monetary relief under Sections 5 and 19 of the Act, those provisions can be more difficult for the FTC to pursue. FTC Acting Chairwoman Rebecca Kelly Slaughter is already calling on Congress to “strengthen the FTC’s powers” in light of the decision.
-
05.26.2020Strategies For Defending FTC Investigations During PandemicArticlesAs in-house counsel, during the pandemic you and your colleagues may be working from home and caring for children or other family members, all while addressing novel legal issues raised by the coronavirus plus the normal day-to-day issues of your job.
-
04.15.2019What We Heard At The FTC Hearings: Days 18 And 19Articles
On March 25 and 26, 2019, the Federal Trade Commission's "Hearings on Competition and Consumer Protection in the 21st Century” focused on how competition and consumer protection enforcement has become a global effort, leading to more cooperation between enforcement agencies in different countries. As with other hearings in this series, the focus was on information gathering rather than agency pronouncements.
*Subscription based publication.
-
10.06.20174 Takeaways From FTC V. D-Link SystemsArticlesIn the Federal Trade Commission’s first litigated enforcement action addressing the security of internet of things devices, the district court for the Northern District of California recently dismissed the FTC’s unfairness claim and two of five deception claims under Section 5 of the FTC Act against D-Link Systems Inc., for alleged security flaws in its routers and internet-connected security cameras. Order, FTC v. D-Link Sys. Inc., No. 3:17-cv-00039 (N.D. Cal. Sept. 19, 2017).
*Subscription based publication. -
09.13.2016NJ’s Truth-in-Consumer Contract, Warranty and Notice Act: Will Related Class Actions Against Retailers Continue?UpdatesThis year brought a wave of class action complaints alleging that national retailers are violating the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (TCCWNA), N.J.S.A. §§ 56:12-14 et seq., by including certain provisions in their online terms and other consumer-facing notices and agreements.
-
08.01.2016Commission Holds FTC Unfairness Claim Does Not Require “Probable” or Tangible Injury in LabMD Data Security CaseUpdates
The Federal Trade Commission unanimously (3-0) ruled on July 29, 2016 that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act, reversing a decision of its Administrative Law Judge.
-
05.17.2016Spokeo Confirms That Alleging a Statutory Violation Is Not Necessarily Enough to Create StandingUpdatesIn a 6-2 decision, the Supreme Court held that the mere allegation of a statutory violation is not necessarily enough to create Article III standing.
-
11.20.2015LabMD Is Major Setback For FTC In Data Security CasesArticles
Law360
-
11.16.2015FTC Theory of Unrealized Consumer Injury Rejected in LabMD Data Security CaseUpdatesIn what could be a major setback for the Federal Trade Commission (FTC) in the data security arena, an Administrative Law Judge (ALJ) has ruled that an unfairness claim brought by the FTC under Section 5 of the FTC Act requires a showing that substantial injury to consumers is probable, not merely possible, when there is no evidence of actual consumer injury.
-
08.26.2015Third Circuit Affirms FTC Authority to Police Whether Companies Have Reasonable Data SecurityUpdatesSince at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to challenge this authority in court. In a highly anticipated opinion, the U.S. Court of Appeals for the Third Circuit resoundingly agreed with the FTC that a failure to implement reasonable data security measures may constitute an unfair business practice under Section 5.
-
04.09.2014Federal Court Holds That FTC May Regulate Company Data Security PracticesUpdatesIn a closely watched and first-of-its-kind case, the U.S. District Court for the District of New Jersey rejected, for purposes of a motion to dismiss, a defendant company’s argument that the Federal Trade Commission (FTC) lacks authority to regulate data security practices under Section 5 of the FTC Act.
-
07.30.2013New Self-Regulatory Rules for Mobile Apps: What Your Company Needs to KnowUpdatesEven as efforts to achieve industry-wide consensus on Do Not Track appear to be stalling, self-regulatory associations are forging ahead with their own rules governing online and mobile data collection. On July 24, the Digital Advertising Alliance (DAA) and the Network Advertising Initiative (NAI) each released rules governing the use of data collected through mobile applications.
-
07.01.2013The New COPPA Rule Takes Effect Today — Are You Ready?UpdatesIn December 2012, the Federal Trade Commission (FTC) adopted final amendments to the Children's Online Privacy Protection Act (COPPA) Rule, which regulates how companies may collect information online from children under 13. Last month, the FTC also issued an updated set of Frequently Asked Questions regarding the revised COPPA Rule. The revised COPPA Rule went into effect today, July 1, 2013, and will impact "operators" of certain websites and online services for a long time to come.
Presentations
-
03.07.2024My Health My Data: Litigation and State AG Enforcement OutlookSpeaking EngagementsCo-Presenter
Perkins Coie Seminar / Seattle, WA -
11.09.2023How to Prepare Now for Artificial Intelligence Laws That Don’t Yet ExistSpeaking EngagementsCo-Presenter
Privacy + Security Academy / Washington, D.C. -
10.30.2023Artificial Intelligence LawSpeaking EngagementsGuest Lecturer
University of Washington School of Law Technology Law and Public Policy Clinic / Seattle, WA -
10.11.2023Advertising LawSpeaking EngagementsIn-House Seminar / Webinar
-
10.04.2023FTC Consumer Protection: Hot TopicsSpeaking EngagementsIn-House Seminar / Webinar
-
09.27.2023The Truth About FTC False Advertising Law: FTC Advertising Law Hot TopicsSpeaking EngagementsIn-House Seminar / Webinar
-
09.23.2023Dark PatternsSpeaking EngagementsIn-House Seminar / Webinar
-
09.15.2023Privacy Law SalonParticipant
Invitation-Only Seminar / Washington, D.C. -
07.19.2023FTC Consumer Protection Hot TopicsSpeaking EngagementsIn-House Seminar / Webinar
-
10.18.2022
-
10.13.2022Data Security and BreachSpeaking Engagements
Co-Presenter
2022 Family Law Hot Topics: Navigating Threats to Your Family Law Practice
King County Bar Association / Seattle, WA -
06.15.2022What’s Now and Next for Privacy at the FTCWebinars
-
05.17.2022Data Security and the LawSpeaking Engagements
Co-Presenter
King County Bar Association: New Lawyers Division CLE / Seattle, WA -
05.17.2022Digital AdvertisingSpeaking EngagementsIn-House Seminar / Webinar
-
12.14.2021FTC Privacy & Data Security 2021 Year in ReviewWebinars
-
10.01.2021
-
05.04.2021Privacy Considerations for Artificial Intelligence TechnologiesSpeaking Engagements
Moderator
PLI Twenty-Second Annual Institute on Privacy and Cybersecurity Law / San Francisco, CA -
10.22.2020What State AGs Want to See in a Federal Privacy LawSpeaking EngagementsModerator
Privacy + Security Forum Virtual Fall Academy 2020 / Webinar -
01.16.2020FTC and Information Privacy Law
Guest Co-Lecturer
Stanford Law School / Palo Alto, CA -
04.09.2019Current Approaches to PrivacySpeaking EngagementsPanelist
FTC Hearing on Competition and Consumer Protection in the 21st Century / Washington, D.C. -
01.23.2018FTC and Information Privacy LawGuest Co-Lecturer
Stanford Law School / Palo Alto, CA -
06.20.2017The New Age of Cyberlaw: Expanding Risks and Responsibilities for Entities of All SizesSpeaking Engagements
Perkins Coie / Chicago, IL
-
07.28.2016FTC Truth-in-Advertising Principles for Technology FirmsSpeaking Engagements
Presenter
In-House Seminar / Seattle, WA -
04.12.2016FTC Truth-in-Advertising Principles for Technology FirmsSpeaking EngagementsIn-House Seminar / San Francisco, CA
-
02.11.2016Security for Startups and Others: Lessons from the FTC’s “Start with Security” Seattle RoadshowSpeaking Engagements
Panelist
CLE Presentation / Seattle, WA -
11.18.2015So, You Just Got a Letter from the FTCSpeaking Engagements
Moderator
IAPP Practical Privacy Series / Washington, D.C. -
07.21.2015Privacy Enforcement TrendsSpeaking EngagementsPerkins Coie Client Seminar / Seattle, WA
-
04.22.2015FTC Truth-in-Advertising Principles for Technology FirmsSpeaking EngagementsIn-House Seminar / Silicon Valley, CA