On January 7, 2022, U.S. Representatives Kathy Castor (D-Fla.) and Jan Schakowsky (D-IL), members of the House Committee on Energy and Commerce, penned a letter requesting information from each of the Children’s Online Privacy Protection Act Safe Harbor programs.
Continue Reading U.S. Representatives Request Information from COPPA Safe Harbor Programs

Earlier this month, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC over alleged violations of the FTC Act and Fair Credit Reporting Act. The FTC alleged that ITMedia deceptively acquired and indiscriminately shared consumers’ sensitive personal information under the guise of connecting them with lenders.
Continue Reading FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information

On December 27, 2021, the Federal Trade Commission sought public comment on a petition filed by Accountable Tech calling on the FTC to use its rulemaking authority to prohibit “surveillance advertising” as an “unfair method of competition.”
Continue Reading FTC Seeks Comments on Accountable Tech’s Petition for Rulemaking to Prohibit Surveillance Advertising

On December 15, 2021, the Federal Trade Commission announced a $2 million settlement with OpenX Technologies in connection with alleged violations of the COPPA Rule and the FTC Act. The FTC alleged that OpenX knowingly collected personal information from children under 13 without parental consent and collected geolocation data from users who opted out of being tracked.
Continue Reading FTC Announces $2 Million Settlement with Ad Exchange Over Alleged COPPA Violations

On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency issued a new rule requiring U.S. banks to notify federal regulators within 36 hours of determining that a computer-security incident meeting certain criteria has occurred. The rule also requires bank service providers to notify affected banks “as soon as possible” when the service provider determines that a computer-security incident has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.
Continue Reading Federal Regulators Issue New Cyber Incident Reporting Rule for Banks

On November 3, 2021, the Cybersecurity and Infrastructure Security Agency announced Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities, establishing a CISA-managed catalog of vulnerabilities and ordering federal agencies to remediate such vulnerabilities on government information systems.
Continue Reading CISA Issues New Cybersecurity Directive for Federal Agencies

On October 27, 2021, the Federal Trade Commission announced significant amendments to the agency’s Safeguards Rule, which requires covered financial institutions to develop, implement and maintain a comprehensive information security program that complies with the Safeguards Rule’s requirements.
Continue Reading FTC Announces Significant Updates to GLB Safeguards Rule

On October 6, 2021, Deputy Attorney General Lisa Monaco announced the launch of the new Civil Cyber-Fraud Initiative that will use the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients.
Continue Reading DOJ Announces New Cyber-Fraud Initiative and Intent to Utilize False Claims Act to Spur Compliance

On October 8, 2021, Senator Ed Markey (D-Mass) and Representatives Kathy Castor (D-Fla) and Lori Trahan (D-Mass) penned a letter to Chair of the Federal Trade Commission Lina Khan, urging the agency to ensure that companies uphold the commitments made in their children’s privacy notices and “hold them accountable if they fail to do so.”
Continue Reading Democratic Lawmakers Urge FTC to Hold Companies Accountable to their Children’s Privacy Notices