FTC v. Wyndham: Has the FTC Declared Unreasonable Security “Unfair”?

(Apr 10, 2015) In the latest installment of the FTC v. Wyndham case, the Third Circuit Court of Appeals is set to determine the scope of the agency’s authority over unfair trade practices in the arena of cybersecurity. On March 27, the Federal Trade Commission (FTC) and Wyndham Worldwide Corp. filed supplemental briefings in the Third Circuit presenting arguments on whether the FTC has declared that unreasonable cybersecurity practices are unfair, and, assuming the FTC has not determined that unreasonable cybe... Read More

Obama’s Latest Cybersecurity Bill: Something Old, Something New, Something Borrowed, Something Blue

(Apr 8, 2015) President Barack Obama recently announced new legislation aimed at enhancing cybersecurity by authorizing information-sharing between private and government entities as well as among private entities. In this Privacy Tracker post, IAPP Westin Fellow Arielle Brown analyzes the proposal and how it compares to Obama’s previous proposal and other cybersecurity bills including the Cyber Intelligence Sharing and Protection Act and the Cyber Information Sharing Act. “While the president’s cybersecurity proposal takes significant steps toward incorporating new privacy protections, it leaves unanswered important questions and interpretative ambiguities,” Brown writes. Read More

Examining the President’s Proposed National Data Breach Notification Standard Against Existing Legislation

(Feb 27, 2015) President Obama’s recent proposal of a National Data Breach Notification Standard (or The Personal Data Notification & Protection Act) has received widespread attention for its promise to preempt and unify the existing patchwork of state-level requirements. IAPP Westin Research Fellow Patricia Bailin analyzes the proposed bill and how it would impact state, city and territorial laws. Read More

How Much Security is Enough? Check the FTC Casebook

(Jan 26, 2015) How will you know what the FTC deemed unreasonable in dozens of enforcement actions? As seasoned privacy experts, you can of course go to the FTC website to seek, download and plough through all of the more than 180 FTC privacy and data security cases. But, as of last week, there’s a far better way: The IAPP Westin Research Center has launched its FTC Casebook, which is available at no additional charge to IAPP members. Read More

Using the FTC Casebook to Find Your Geolocation Strategy

(Jan 20, 2015) Though you should certainly turn to the Casebook in emergency situations (as we suggested in a previous hypothetical scenario), this resource is also valuable for “preemptive” privacy and data security decision-making – aka privacy by design. Read More

Security breach through P2P network? Check the FTC Casebook

(Jan 16, 2015) After a great deal of work, the IAPP Westin Research Center has launched its casebook of FTC privacy and data security enforcement actions. The casebook is a digital resource, collecting all 180 FTC enforcement actions (for now) and making them easily accessible, full-text searchable, tagged, indexed and annotated. To help you better understand the benefits and functionality of this tool, we have developed several use cases displaying how you might search the casebook and make use of the results... Read More

Privacy Is the New Antitrust: Launching the FTC Casebook

(Jan 15, 2015) On Monday, presaging his sixth State of the Union Address, U.S. President Barack Obama visited the Federal Trade Commission (FTC) bearing a message of sweeping privacy reform. Coincidentally, it was almost exactly 101 years ago that President Woodrow Wilson, in his January 20, 1914, State of the Union Address, announced his antitrust initiative to Congress, declaring, “We are all agreed that ‘private monopoly is indefensible and intolerable.’” The result of that speech was the passage of the FTC... Read More

The FTC Refutes Wyndham’s Challenge; Unreasonable Security Is “Unfair”

(Nov 13, 2014) Generating a flurry of conversation among privacy professionals worldwide, the U.S. Federal Trade Commission (FTC) last week filed its response to Wyndham Worldwide Corporation’s interlocutory appeal in the Third Circuit. It’s the most recent activity in a case that began in 2012, when the FTC issued a complaint against Wyndham alleging data security failures that enabled three data breaches between 2008 and 2009. IAPP Westin Research Fellow Patricia Bailin, CIPP/US, examines the history of the case and the latest developments. Read More

The Blind Men, the Elephant and the FTC’s Data Security Standards

(Oct 30, 2014) Like a group of blind men encountering an elephant—one touching the trunk and thinking “snake,” another feeling a tusk and thinking “sword,” a third caressing an ear and thinking “sail”—so do commentators, lawyers and industry players struggle to identify what “reasonable data security” practices mean in the eyes of the Federal Trade Commission (FTC). In the absence of federal legislation or regulatory guidance, the reasonableness standard is assessed on a case-by-case basis through a string of ... Read More

California’s Newest Privacy Wave

(Oct 9, 2014) At a time when advocates for issues of every sort are lamenting the gridlock in Congress, privacy advocates have found solace in California. Fortifying the state’s place at the cutting edge of privacy policymaking, California governor Jerry Brown signed several bills into law last week addressing a variety of privacy, security breach notification and surveillance concerns. These bills impose limitations on activities as diverse as identity theft protection and monitoring, the distribution of sex... Read More