On August 15, 2013, the Federal Trade Commission announced a 3.5 million dollar settlement with Cetergy following allegations that the check authorization service violated various provisions of the Fair Credit Reporting Act, including requirements concerning accuracy of consumer reports and dispute investigation and resolution procedures.
Continue Reading FTC Announces 3.5 Million Dollar Settlement in FCRA Case

On May 2, 2010, the Department of Commerce will hold a public meeting in Washington, D.C., to listen to stakeholders’ views on privacy policies in the United States.

Continue Reading Department of Commerce Announces a Public Meeting on “Information Privacy and Innovation in the Internet Economy”

It is being reported that the U.S. District Court for the District of Columbia agreed this morning with the American Bar Association’s argument that the FTC’s Identity Theft Red Flags Rule ("Red Flags Rule" or the "Rule") does not apply to lawyers.  The Rule implements Section 114 and 315 of the Fair and Accurate Credit Transactions Act (the "FACT Act").  In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program.  The program must be designed to detect, prevent, and mitigate the risk of identity theft. The FTC has interpreted the definition of "creditor" broadly.  The Commission has taken the position in publications and numerous panels that lawyers and law firms meet the definition of creditor because they allow clients to pay for legal services after the services are rendered.  For law firms (as well as for other entities that the FTC deems subject to its enforcement jurisdiction), November 1, 2009 is the deadline for compliance with the provisions of the Rule that require implementation of an identity theft prevention program.

Continue Reading Court Finds that Lawyers Are Not Subject to the FTC’s Identity Theft Red Flags Rule

On May 12, 2009, the European Commission issued a long-awaited recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification (“RFID”).  The recommendation follows a process initiated in 2006 when the European Commission launched a public consultation on RFID technologies.  Following this public consultation and in order to protect consumers’ privacy and data protection, the European Commission decided to take further steps by preparing a recommendation to regulate the use of RFID.

Continue Reading EU Commission Issues Recommendation on RFID, Privacy and Data Protection