Facebook And FTC Settle Privacy Charges — No Fine, But 20 Years Of Privacy Audits

While I am not sure the FTC went quite far enough (mandatory audits but no fines seems a bit toothless), it is at least a clear message that the FTC is getting increasingly serious about enforcing privacy regulations.
The short lesson to businesses online: “Do what you say you are going to do, when it comes to privacy policies!”

TechCrunch

Facebook and the FTC today finalized their earlier announced settlement over charges that Facebook had “deceived” its customers by “telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.” Unlike this week’s earlier $22.5 million FTC settlement with Google, Facebook does not face any financial penalties because the FTC does not have the authority to levy fines when it enters an initial agreement like this one (it can only impose fines when companies violate the agreement). Instead, the company will have to promise that it will give its users “clear and prominent notice” and get their consent before sharing their information beyond their privacy settings. In addition, Facebook will have to submit itself to biennial privacy audits for the next 20 years and maintain a “comprehensive privacy program.”

The FTC launched its investigation into Facebook’s privacy practices in 2011 and…


California Starts Up a Privacy Enforcement Unit | Threat Level | Wired.com


Yet another sign that privacy issues are starting to come in from the cold: The California Attorney General’s office is setting up a special unit for the purpose of enforcing state and federal privacy laws.

This has the potential to have a major impact on not just Silicon Valley, but also (if Massachusetts and Nevada are any indicator) any company doing business in the state of California.

As a result of moves such as this, it is increasingly important that companies make sure that their policies, procedures, and practices on customer privacy are fully up to date. More and more, this is a truly business-critical issue.

The State Of Mobile App Privacy Policies | TechCrunch


TechCrunch addresses the current state of the mobile app industry with respect to privacy policies.

The past year has seen some noteworthy scandals regarding apps that treat sensitive user data in undisclosed (and sometimes hair-raising) manners. Path’s access to and siphoning off of private address book data is just one example of this.

As a result of growing concerns over the handling of sensitive data by mobile apps, both the Federal Trade Commission (the “FTC”) and the California state Attorney General’s office have gotten far more aggressive in terms of pushing compliance with privacy laws and the creation of workable industry standards. The California Attorney General in particular has announced that it will be enforcing California’s Online Privacy Protection Act against app developers.

With greater attention (and enforcement efforts) under way, app developers need to pay far more attention to industry best practices on privacy issues, including putting in place app privacy policies (and making them readily available to their customers).

FTC Charges Businesses Exposed Sensitive Information on Peer-to-Peer File-Sharing Networks, Putting Thousands of Consumers at Risk


The FTC has announced two recent settlements with companies that are alleged to have illegally exposed sensitive personal information of their customers by allowing peer-to-peer file-sharing software to be installed on their corporate computer systems.

One of the settlements was with the Georgia automobile dealership Franklin’s Budget Car Sales, Inc., also known as Franklin Toyota/Scion, of Statesboro, Georgia.

The FTC alleged that Franklin failed to implement reasonable security measures to protect consumers’ personal information, and, as a result, information for 95,000 consumers was made available on the P2P network. The information included names, addresses, Social Security Numbers, dates of birth, and driver’s license numbers.

The agency charged that Franklin failed to assess risks to the consumer information it collected and stored online and failed to adopt policies to prevent or limit unauthorized disclosure of information. It also allegedly failed to prevent, detect and investigate unauthorized access to personal information on its networks, failed to adequately train employees and failed to employ reasonable measures to respond to unauthorized access to personal information.

Enforcement actions such as this point up the serious implications of inadequate (or non-existent) data privacy and security policies. This is an area of the law which is drawing ever-increasing scrutiny from regulatory agencies. Businesses need to take the handling of personal information very seriously and ensure that they have not only developed but also implemented appropriate policies and procedures concerning the gathering, storage, protection, and destruction of such information.