Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications.
The FTC charged they were in violation of the FTC Act because they promised in their online privacy statement that they would safeguard their customer data, but yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”
Posts Tagged ‘FTC’
FTC Hands Down Another FTC Act Noncompliance Penalty For Bad Online Application Security
Friday, January 18th, 2008New FTC Spam & Phishing Report
Wednesday, January 9th, 2008On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.
FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations
Wednesday, December 26th, 2007On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:
FTC Continues Active Compliance Enforcement: Applies $7.7 Million In Fines To 6 Do-Not-Call Violators
Saturday, November 10th, 2007This week the FTC once again demonstrated that they aggressively enforce compliance with those regulations for which they have responsibility.
In their press release, “FTC Announces Law Enforcement Crackdown on Do Not Call Violators” they detail their recent actions against six organizations for non-compliance with the Do Not Call (DNC) registry requirements. The involved settlements totaled close to $7.7 million in civil penalties. In addition to the following, actions against Global Mortgage Funding are pending.
Here is an overview of the non-compliance activities and associated fines/penalties:
Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization
Friday, November 2nd, 2007In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.
Definitions For the Identity Theft Prevention Program Rule Under FACTA & Questions For Your Organization
Friday, November 2nd, 2007In addition to some great followup questions I got from Andy in response to my blog posting yesterday, “FTC Now Requires Organizations to Have an Identity Theft Prevention Program” I have also received some interesting questions from others about the new Identity Theft Prevention Program Rule, along with having the opportunity to have some interesting discussions with several folks today, such as Linda McGlasson at bankinfosecurity.com.
FTC Now Requires Organizations to Have an Identity Theft Prevention Program
Thursday, November 1st, 2007Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?
APEC Privacy Framework: Viewpoints from the FTC, TRUSTe & Marty Abrams
Saturday, October 27th, 2007One of the sessions I attended at the IAPP Privacy Academy this past week was “APEC Update – Self Regulatory Approaches to Cross Border Transfers of Personal Data.” The presenters were: Pamela Jones Harbour, Commissioner, Federal Trade Commission (FTC), Marty Abrams, Executive Director, Center for Information Policy Leadership, and Fran Maier, Executive Director and President, TRUSTe.
Many Kinds of Identity Theft Cause Many Types of Long Lasting Negative Impacts
Friday, October 26th, 2007I want to revisit the blog posting I made a few days ago, “Average Cost of ID Theft Per Victim is $31,356”
Some folks gave me some feedback, saying that they thought this cost was way too high based upon their own experiences when someone had used their credit cards and “it only took a matter of minutes to call the credit card company and report it, cancel the card/number, and get a new card, along with the $50” that they were responsible for.
