FTC & State AG

On August 28, the Federal Trade Commission (“FTC”) filed an administrative complaint against medical testing company LabMD, Inc., alleging that the company’s information security practices constituted unfair acts or practices in violation of Section 5(a)...

Read More →

The FTC has brought its first data security enforcement action involving the “Internet of Things.” See the FTC’s Complaint at here. According to the complaint, TRENDnet, a seller of Internet Protocol (“IP”) cameras, failed to implement...

Read More →

On September 3, the California legislature passed a bill that would require websites and online services to revise their privacy policies to describe their practices with respect to “do not track” mechanisms and third party...

Read More →

How do we know you are who you say you are?  Authenticating a user’s identity is an ongoing struggle for developers, merchants, lawmakers and consumers.  An ideal solution balances costs for providers and convenience for...

Read More →

It’s August in D.C. Summer is coming to an end; the kids are going back to school; traffic is still (blissfully) light and normally, the federal government is at best sleepy – at worst, in...

Read More →

The FTC (via email blast) provided further clarification of the standards that third party ad networks and platforms would be held to, under the new COPPA Rule. To recap recent history: when the FTC announced...

Read More →

State Attorneys General have announced their intention to press Congress to narrow the immunity provisions of the Communication Decency Act (“CDA”), 47 U.S.C. § 230,  to exempt state criminal prosecutions from the CDA safe harbor.  It...

Read More →

In the FTC’s most recent effort to address “big data” privacy and security concerns, Commissioner Julie Brill proposed a self-regulatory initiative – “Reclaim Your Name” – that would give consumers more insight into and control...

Read More →

The European Commission has established new rules and regulations that require Internet Service Providers and telecommunications providers to notify authorities of a security breach within 24 hours. If the reporting entity is unable to provide...

Read More →

DAY 1, WEDNESDAY AFTERNOON (5/22) Cybersecurity Policy Update.  The Wednesday afternoon session at the Georgetown Cybersecurity Law Institute began with a policy update led by Stewart Baker.  He led off with the statement that the...

Read More →