Tag Archives: Consumer Protection

NERC Report Highlights Lessons Learned from Ukraine Electric Utility Cyber Attack

On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks. … Continue Reading

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading

FTC Settles with Router Manufacturer over Software Security Flaws

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.… Continue Reading

California Attorney General Releases Report Defining “Reasonable” Data Security

On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading

China Enacts Administrative Measures for Online Payment Businesses

Recently, the People's Bank of China published Administrative Measures for Online Payment Business of Non-bank Payment Institutions. These measures were enacted to provide further details on the regulation of the online payment business in supplement to earlier measures published on June 14, 2010.… Continue Reading

FTC Issues Guidance on Native Advertising: Businesses Must Consider the Likelihood of Consumer Confusion

The Federal Trade Commission issued enforcement guidance on “native advertising” — ads that purposely are formatted to appear as noncommercial and are integrated into surrounding editorial content. The agency’s guidance took two parts: an Enforcement Policy Statement on deceptively formatted ads, and a Guide for Business on native advertising. Importantly, the FTC notes that its policy statement does not apply just to advertisers but also applies to other parties that help create the content: ad agencies, ad networks and potentially, publishers.… Continue Reading

California Attorney General Announces $25 Million Settlement with Comcast

On December 15, 2015, the California Attorney General announced an approximately 25 million dollar settlement with Comcast Cable Communications, LLC stemming from allegations that Comcast disposed of electronic equipment (1) without properly deleting customer information from the equipment and (2) in landfills that are not authorized to accept electronic equipment.… Continue Reading

U.S. Congress Releases Compromise Bill on Cybersecurity Information Sharing

On December 16, 2015, leaders in the U.S. House of Representatives and Senate released an omnibus spending bill that contained cybersecurity information sharing language that is based on a compromise between the Senate’s Cybersecurity Information Sharing Act and two cybersecurity information sharing bills that passed in the House earlier this year. … Continue Reading

Wyndham Settles FTC Charges in FTC v. Wyndham

On December 9, 2015, the FTC announced that Wyndham Worldwide Corporation settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices.… Continue Reading

China Publishes New Regulation for Personal Data Security in the Courier Industry

On November 16, 2015, the Legislative Affairs Office of the State Council of the People's Republic of China published a draft Regulation for Couriers and requested public comment on the draft regulation, which imposes certain obligations on courier companies with respect to verifying and protecting personal information. Interested parties have until mid-December 2015 to submit comments. … Continue Reading

FCC Reaches Settlement with Cable Operator over Customer Data Breach

On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed … Continue Reading

FCC to Tackle Issue of Broadband Privacy

On November 2, 2015, Federal Communications Commission Chairman, Tom Wheeler, indicated in an interview that the agency would take on the issue of broadband privacy within the next several months, most likely in the form of a notice of proposed rulemaking. … Continue Reading

Senate Passes Cybersecurity Information Sharing Act

On October 27, 2015, the U.S. Senate passed S.754 - Cybersecurity Information Sharing Act of 2015 by a vote of 74 to 21. This bill is intended to facilitate and encourage the sharing of Internet traffic information between and among companies and the federal government to prevent cyber attacks.… Continue Reading