New York Attorney General Announces Settlements Over Data Collection Practices

On February 9, the New York Attorney General’s (NYAG’s) office announced two settlements with mobile app developers who allegedly omitted information about their data collection practices in their privacy policies. While the investigation revealed that neither developer misused their customers’ personal information or improperly disclosed such information to third parties, the NYAG’s office determined that both companies failed to properly disclose the fact that they had collected the information as required by law. Both companies have agreed to add privacy policies to their apps.

LinkedInFacebookTwitterGoogle+Share

Federal Judge Sentences Hacker to Eight Years for Cyber Heists that Caused More than $55 Million in Losses

On February 10, the United States Attorney for the Eastern District of New York announced that the Honorable Kiyo A. Matsumoto levied an eight year prison sentence against a Turkish citizen charged with organizing and carrying out three cyber-attacks on global financial institutions between 2011 and 2013 which resulted in more than $55 million in losses. Last March, the defendant pleaded  guilty to “computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices.” Specifically, the defendant and his associates were alleged to have repeatedly hacked into debit card processing systems, manipulated account balances, stole customers’ PINs, and transferred that information to associates who then encoded debit cards with the stolen data in order to make fraudulent ATM withdrawals. The DOJ further alleged that the hackers targeted databases companies maintained for prepaid debit cards and effectively eliminated the card accounts’ withdrawal limits in what are called “unlimited operations.” The defendant was also ordered to pay $55,080,226.14 in restitution as part of his sentence.

LinkedInFacebookTwitterGoogle+Share

Top “Smart TV” Manufacturer Agrees to Pay $2.2M to Settle FTC “Smart TV” Tracking Investigation

On February 6, the Federal Trade Commission (FTC) and the New Jersey Attorney General (NJAG) announced that they had entered into a $2.2 million settlement to resolve claims that a “smart” television manufacturer secretly gathered users’ viewing data and sold it to third parties who used the data for targeted advertising purposes. The settlement, which was approved by the FTC by a unanimous 3-0 vote, includes a payment of $1.5 million to the FTC and $700,000 to the New Jersey Division of Consumer Affairs, with an additional $300,000 in penalties to New Jersey suspended. The settlement also requires that the TV maker not misrepresent its data collection and sharing practices, prominently disclose its data collection and sharing practices and obtain permission from each consumer prior to collecting viewing data, delete most of the viewing data it already collected, implement a comprehensive privacy program, and undergo biennial third-party privacy assessments.

Notably, in a concurring statement, acting FTC Chairman Maureen K. Ohlhausen emphasized that this settlement marks “the first time the FTC has alleged in a complaint that individualized television viewing activity falls within the definition of sensitive information.” Previously, the FTC had limited the definition of sensitive information to “financial information, health information, Social Security Numbers, information about children, and precise geolocation information.” Chairman Ohlausen noted “the need for the FTC to examine more rigorously what constitutes ‘substantial injury’ in the context of information about consumers” and indicated her intention to “launch an effort to examine this important issue further.”

LinkedInFacebookTwitterGoogle+Share

NY Attorney General Announces Data Breach Settlement with Computer Manufacturer

On January 29, New York Attorney General Eric T. Schneiderman announced a settlement with a foreign computer manufacturer over allegations of a data breach of customer data. The AG’s office claims the security vulnerabilities allowing for the breach lasted almost a full calendar year. In addition to a $115,000 penalty, the manufacturer is required to “maintain [both] reasonable security policies designed to protect consumer personal information. . .[and] data security standards required by the credit card industry.”

LinkedInFacebookTwitterGoogle+Share

President Trump Appoints Maureen Ohlhausen Acting FTC Chairman

On January 25, the FTC announced that President Trump has appointed Maureen K. Ohlhausen to serve as Acting Chairman of the FTC by a White House order. Commissioner Ohlhausen became an FTC commissioner in April 2012 and her current term is set to expire in 2018. In addition to the Acting Chairman, the FTC is headed by Commissioner Terrell McSweeny and fellow-democrat Edith Ramirez who steps down early next month and previously served as Chairwoman. The FTC also has two commissioner vacancies. “I am deeply honored that President Trump has asked me to serve as acting chairman of the FTC and to preserve America’s true engine of prosperity: a free, honest, and competitive marketplace,” Ohlhausen said in a statement. She added further that “[i]n pursuit of that mission” she “will ensure the Commission minimizes the burdens on legitimate business as we carry out this vital work.”

LinkedInFacebookTwitterGoogle+Share