FTC Issues a Guide for Businesses and Organizations on the Red Flags Rule

In May 2013, the Federal Trade Commission released a new guide entitled Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business (the “Guide”) to help businesses and organizations determine whether they are subject to the FTC’s Red Flags Rule (“Red Flags Rule”) and how to meet the Rule’s requirements. The FTC’s Guide includes information regarding what types of entities must comply with the Red Flags Rule, a set of FAQs, and a four-step process to achieve compliance.

Tags: Consumer Protection, Federal Trade Commission, Financial Privacy, Identity Theft, Red Flags Rule

FTC Sends Warning Letters to Data Brokers Regarding FCRA Violations

On May 7, 2013, the Federal Trade Commission announced that it issued letters to ten data broker companies warning that their practices could violate prohibitions against selling consumer information under the Fair Credit Reporting Act (“FCRA”). The FTC identified the ten data broker companies after a test-shopping operation that indicated these companies were willing to sell consumer information without adhering to FCRA requirements.

Tags: Consumer Protection, Credit Report, Cross-Border Data Flow, Data Protection Authority, FCRA, Federal Trade Commission, Financial Privacy, Information Security, Online Privacy

OpUSA: Criminal Hackers Planning Cyber Attacks Against Bank Websites

On May 7, 2013, the hacker group Anonymous announced that it, in concert with Middle East- and North Africa-based criminal hackers and cyber actors, will conduct a coordinated online attack labeled “OpUSA” against banking and government websites today. Anonymous stated that OpUSA will be a distributed denial of service (“DDoS”) attack in which websites may be defaced and legitimate users may be unable to access websites.

Tags: Consumer Protection, Cybersecurity, Financial Privacy, Information Security, Online Privacy

SEC and CFTC Adopt Rules on Red Flags and Identity Theft

On April 10, 2013, the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) jointly adopted rules that require broker-dealers, mutual funds, investment advisers and certain other regulated entities to adopt programs designed to detect “red flags” and prevent identity theft. These rules implement provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended the Fair Credit Reporting Act (“FCRA”) to direct the SEC and the CFTC to adopt rules requiring regulated entities to address risks of identity theft. The 2003 amendments to the FCRA required other regulatory authorities to issue identity theft red flags rules, but did not authorize or require the SEC or the CFTC to issue their own rules.

Tags: Commodity Futures Trading Commission, Dodd-Frank Act, FCRA, Financial Privacy, Identity Theft, Securities and Exchange Commission

SEC Clarifies Use of Social Media Under Regulation FD

On April 2, 2013, the Securities and Exchange Commission issued a report regarding the investigation of a prominent public company and its CEO over disclosures made on the CEO’s personal social media page. The Commission did not bring enforcement charges in this case, but the report set forth the Commission’s view that, under certain circumstances, issuer-sponsored social media can be a permissible channel of dissemination of information under Regulation FD.

Adopted in 2000, Regulation FD generally prohibits public companies and personnel acting on their behalf from selectively disclosing material, nonpublic information to certain groups, such as brokers, investment advisers, analysts and shareholders who are likely to trade on information, without concurrently making widespread public disclosure.

Read our full client alert.

Tags: Financial Privacy, Online Privacy, Securities and Exchange Commission, Social Media

U.S. Court Finds National Security Letter Nondisclosure Provisions Unconstitutional

On March 14, 2013, the United States District Court for the Northern District of California granted a motion to prohibit the government from issuing National Security Letters (“NSLs”) to electronic communication service providers (“ECSPs”) requesting “subscriber information” and enforcing nondisclosure clauses contained in such letters. The nondisclosure clauses are intended to prevent ECSPs from disclosing that they received an NSL. The court also held that the sections of two federal statutes relating to the nondisclosure provisions of NSLs, 18 U.S.C. §2709(c) and 18 U.S.C. §3511(b) (collectively, the “NSL Nondisclosure Statutes”), were unconstitutional because they violated the First Amendment as well as separation of powers principles. In light of the significant constitutional and national security implications, the court stayed enforcement of its judgment pending appeal to the Ninth Circuit, or for 90 days if no appeal is filed.

Tags: California, Consumer Protection, FCRA, Financial Privacy, Service Provider, U.S. Federal Law

Disclosure of Cybersecurity Risks in SEC Filings on the Rise

As reported in The Washington Post, large financial institutions are increasingly disclosing cyber attacks, and potential vulnerability to cyber threats, in their annual reports filed with the Securities and Exchange Commission. Numerous banks disclosed such attacks in their 2012 reports, even in cases where the ongoing threat of the attacks did not result in any material harm to the institution. For example:

Tags: Cybersecurity, Financial Privacy, Information Security, Obama, Securities and Exchange Commission, Security Breach, U.S. Federal Law

FTC Releases Report on the Increased Use of Mobile Payments

On March 8, 2013, the Federal Trade Commission issued a staff report entitled Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments (the “Report”). The Report is based on a workshop held by the FTC in April 2012 and highlights key consumer and privacy issues resulting from the increasingly widespread use of mobile payments.

Although the FTC recognizes the benefits of mobile payments, such as ease and convenience for consumers and potentially lower transaction costs for merchants, the Report notes three areas of concern with the mobile payments system: (1) dispute resolution, (2) data security and (3) privacy.

Tags: Consumer Protection, Federal Trade Commission, Financial Privacy, Geolocation, Information Security, Mobile App, Mobile Device, Online Privacy, Privacy By Design

FTC Study Reports on Inaccuracies in Consumer Credit Reports

On February 11, 2013, the Federal Trade Commission announced that a congressionally-mandated study of the U.S. credit reporting industry found that 26 percent of consumers identified at least one error that might affect their credit score. The study reported that 5 percent of consumers had errors on their credit reports that could result in less favorable terms for loans and insurance.

Tags: Congress, Consumer Protection, Credit Report, FCRA, Federal Trade Commission, Financial Privacy, Obama

FFIEC Issues Draft Guidance on Social Media

On January 23, 2012, the Federal Financial Institutions Examination Council (“FFIEC”) released proposed guidance, Social Media: Consumer Compliance Risk Management Guidance (the “Guidance”), to address how federal consumer protection laws may apply to the social media activities of financial institutions that are supervised by the Consumer Financial Protection Bureau. Comments on the Guidance must be submitted within 60 days (before March 25, 2013). After consideration of the public comments, and once the Guidance is finalized, financial institutions will be expected to “use the guidance in their efforts to ensure that their risk management practices adequately address the consumer compliance and legal risks, as well as related risks, such as reputation and operational risks, raised by activities conducted via social media.” Rather than imposing additional obligations on financial institutions, the Guidance is intended to help financial institutions comply with existing federal requirements as they apply to the use of social media platforms.

Tags: Consumer Protection, Financial Privacy, Information Security, Social Media