FTC Safeguards Law (and Car Dealerships)

June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information security program to comply with the Federal Trade Commission’s updated Safeguards Rule. For additional information, see our post: Reminder: The

The Federal Trade Commission updated its “Standards for Safeguarding Customer Information” (“Safeguards Rule”) and extended the compliance deadline to June 9, 2023. Some entities still may be wondering – “Do these regulations apply to my business?” and “What do I have to do?”

Back in 2021, we provided a high-level summary of the Safeguards Rule

The Federal Trade Commission (FTC) recently took enforcement action against digital healthcare companies for sharing user information vie third-party tracking pixels, which enable the collection of user data. At the start of the year, the U.S. Health and Human Services Office of Civil Rights issued its own bulletin with guidance regarding tracking pixel technology for

On August 11, 2022, the Federal Trade Commission (FTC) announced proposed rulemaking pertaining to “commercial surveillance and lax data security.”  However, the overall focus of the potential rulemaking is consumer privacy and data security. The FTC states in its notice that its “extensive enforcement and policy work over the last couple of decades on consumer

In response to the United States Supreme Court decision in Dobbs vs. Jackson Women’s Health Organization, President Joe Biden signed an Executive Order on Friday, July 8, 2022, designed to protect access to reproductive health care services. In addition to measures seeking to safeguard access to abortion and contraception, the Executive Order includes provisions

On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach notification

The FTC recently settled its enforcement action involving data privacy and security allegations against an online seller of customized merchandise. In addition to agreeing to pay $500,000, the online merchant consented to multiyear compliance, recordkeeping, and FTC reporting requirements. The essence of the FTC’s seven count Complaint is that the merchant failed to properly disclose

On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing Safeguards Rule imposes a general obligation on financial institutions to maintain an information security program, the Final Rule outlines these

The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information.  The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal