Posts Tagged ‘FTC Act’
Monday, November 10th, 2008
I anticipate that with the big $700 billion “rescue” plan the government is going to continue the increased compliance activities…
Tags:awareness and training, FTC Act, GLBA, Information Security, IT compliance, IT training, policies and procedures, Premier Capital, privacy rule, privacy training, risk management, Safeguards Rule, security training
Posted in Non-compliance Sanctions Examples | No Comments »
Monday, July 7th, 2008
The FTC has long provided a great role model for other government oversight and enforcement agencies with regard to their activities in ensuring organizations follow data protection laws and also ensure organizations actually fulfill the promises they make within their published information security and privacy policies. It is too bad most of the other government agencies are not as diligent or nearly as effective in helping to ensure organizations sufficiently protect personally identifiable information (PII).
While doing some research today I compiled a list of the actions the FTC has taken, which I thought may be useful to some of you as well…
Tags:awareness and training, FTC, FTC Act, GLBA, Gramm Leach Bliley, Information Security, IT compliance, policies and procedures, privacy training, risk management, Safeguards Rule, security training
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Sunday, May 18th, 2008
I see a growing trend in organizations trying to gut the promises made in their website privacy policies through sneaky wording they place in their rarely read “Terms of Use” statements.
Over the past few months I have heard from some CISOs and CPOs who are concerned about some of the wording that their legal counsels are suggesting they put on their web sites. And rightly so. Why? Because the “Terms of Use” statements under consideration seem to be: 1) trying to eliminate all liability to the organization for anything bad that happens to the personally identifiable information (PII) submitted to or accessed from the site; 2) basically nullifying the posted privacy policy; and 3) trying to require the website user to agree to these terms just by using the site…no active acknowledgment or agreement necessary.
Here is a composite from around half a dozen of these worrisome passages from the draft Terms of Use statements under consideration that I’ve seen…
Tags:awareness and training, FTC, FTC Act, implied consent, Information Security, IT compliance, policies and procedures, privacy, risk management, security awareness, security training, terms of use, website privacy policies
Posted in Privacy and Compliance | No Comments »
Tuesday, January 29th, 2008
Tags:AccuSearch, awareness and training, FTC Act, Information Security, IT compliance, policies and procedures, pretexting, privacy, privacy policy, risk management, security awareness, security training
Posted in Non-compliance Sanctions Examples | No Comments »
Friday, January 18th, 2008
Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications.
The FTC charged that they were in violation of the FTC Act because they promised in their online privacy statement that they would safeguard their customer data, yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”
Tags:awareness and training, compliance penalty, FTC, FTC Act, Information Security, IT compliance, life is good, policies and procedures, privacy, privacy incident, privacy policy, risk management, security awareness, security training
Posted in Non-compliance Sanctions Examples | No Comments »
Thursday, December 27th, 2007
On December 10 the U.S. Federal Trade Commission (FTC) announced that the FTC commissioners voted unanimously to have principles to govern online behavioral advertising. At the same time they released their proposed principles to guide the development of self-regulation in this area.
Tags:awareness and training, behavioral advertising, cookies, FTC, FTC Act, Information Security, IT compliance, policies and procedures, privacy, privacy policy, privacy principles, risk management, security awareness, security training, web bugs
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, December 26th, 2007
Tags:American United Mortgage Company, awareness and training, disposal rule, FACTA, FCRA, FTC, FTC Act, GLBA, Information Security, IT compliance, policies and procedures, privacy, privacy incident, privacy policy, privacy rule, risk management, security awareness, security training
Posted in Information Security, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »
Friday, December 14th, 2007
I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).
Tags:awareness and training, cyberstreetsmart, FTC Act, Information Security, IT compliance, policies and procedures, privacy, privacy policy, risk management, security awareness, security training
Posted in Privacy and Compliance | No Comments »
Sunday, December 9th, 2007
I like to keep my eye on the FTC site; they are very active in catching businesses violating the U.S. FTC Act by practicing unfair and deceptive business practices, particularly via the Internet. They really demonstrate the need for privacy and information security professionals to stay on top of what their business units and marketing areas are doing with regard to contacting consumers, forcing ads upon them, and gathering information from them.
Tags:Adultfriendfinder, adware, awareness and training, FTC Act, Information Security, information security policies, IT compliance, personally identifiable information, PII, policies and procedures, popup marketing, protecting information, risk management, security risk, security training, spyware, Various Inc.
Posted in Laws & Regulations, Privacy and Compliance | No Comments »