FTC Orders Auto Dealers to Pay $85,000 Civil Penalty over Allegedly Deceptive Advertising Practices

On August 18, the FTC announced that three Texas-based auto dealers will pay an $85,000 civil penalty to resolve allegations that they violated a 2014 administrative order prohibiting them from deceptively advertising the cost of buying or leasing a car. The FTC complaint alleges, among other things, that since receiving the 2014 order, the auto dealers frequently misrepresented offers to finance or lease motor vehicles by “focusing only on a few attractive items, such as a low monthly payment or annual percentage rate, while concealing material terms that add significant extra costs or that limit who can qualify for the advertised prices.” In addition to the $85,000 civil penalty, the proposed consent order bars the defendants from (i) deceptively advertising a vehicle’s cost of purchase with financing, the cost of leasing, or any other material fact regarding price, sale, financing or leasing; (ii) misrepresenting who is likely to receive financing or leasing and who qualifies for specific finance or lease terms; and (iii) violating the Truth in Lending Act’s and the Consumer Leasing Act’s requirements to clearly and conspicuously disclose credit and lease terms.


FTC Announces Agenda for Ransomware Event

On September 7, the FTC will host its first in a series of events to look at emerging technologies raising consumer privacy and security concerns. Scheduled to take place in Washington, D.C., the first event will focus on ransomware, “one of the most challenging cybersecurity problems affecting consumers and businesses.” Panelists will discuss the scope and state of ransomware, the best defenses against it, and how victims should respond to hacker demands. The FTC will host the second and third events in the series on October 13 and December 7 with emphases on drones and smart TVs, respectively.


FTC Updates Consumer Information Page with New Online Tracking Guidance

Recently, the FTC updated its “Consumer Information” page with new online tracking guidance. The new guidance details how web browsers use first- and third-party “cookies” as an online tracking method to save consumers’ online preferences, eventually customizing their browsing experience and delivering ads targeted toward a specific consumer. Additional online tracking devices described in the FTC’s guidance include (i) flash cookies, which use Adobe Flash technology to store information about consumers’ online browsing activities; (ii) device fingerprinting, which identifies a specific consumer’s device based on browser configurations and settings and “can be used to track [consumers] on all kinds of internet-connected devices that have browsers, such as smart phones, tablets, laptops, and desktop computers”; and (iii) device identifiers, which monitor “different applications used on a particular device.” The guidance notes that consumers can limit the use of online tracking technologies by turning on “private browsing” in their browser settings, opting out of targeted advertising, and selecting the “Do Not Track” option, which is available in most browsers. Finally, the guidance also recommends that consumers “learn about tracker-blocking browser plugins,” which “prevent companies from using cookies or fingerprinting to track [consumers’] internet behavior.”

COMMENTS: Comments Off
POSTED IN: Data Risk / Privacy, Federal Issues

FTC Determines Medical Testing Lab’s Data Security Practices Unreasonable

On July 29, the FTC announced the issuance of an Opinion and Final Order reversing an Administrative Law Judge (ALJ) Initial Decision to dismiss a 2013 FTC complaint against a Georgia-based medical testing laboratory (Respondent). In a 3-0 vote, the Commission determined that Respondent “failed to implement reasonable security measures to protect the sensitive consumer information on its computer network and therefore that its data security practices were unfair under Section 5 of the [FTC] Act.” In reversing the Initial Decision, the Commission concluded that Respondent’s security practices lacked “even basic precautions” to protect consumers’ sensitive information by, among other things, failing to (i) “use an intrusion detection system or file integrity monitoring”; (ii) “monitor traffic coming across its firewalls”; (iii) provide adequate data security training to its employees, finding that “essentially no data security training” was provided; and (iv) delete “any of the consumer data it had collected.” According to the Commission, such failures led to the exposure of medical and other sensitive information for 9,300 consumers on a peer-to-peer (P2P) network to which millions of users had access. Read more…


FTC to Host FinTech Forum on Crowdfunding and Peer-to-Peer Payment Systems

On October 26, the FTC will host the second in a series of FinTech forums in Washington, D.C. Industry participants, consumer groups, researchers, and government representatives will gather to discuss the potential effects of crowdfunding and peer-to-peer payment systems on the consumer finance industry. Forum participants will “look at how the FTC Act and other existing consumer protection laws might apply to companies participating in these areas.” The FTC expects to release a complete schedule and other forum details in the near future.