Showing posts with label DATA SECURITY. Show all posts

Saturday, May 24, 2014

FTC TESTIFIES BEFORE SENATE HOMELAND SECURITY SUBCOMMITTEE REGARDING ONLINE ADVERTISING

FROM:  FEDERAL TRADE COMMISSION 
FTC Outlines Recommendations for Online Advertising In Testimony Before Senate Homeland Security Subcommittee

The Federal Trade Commission testified before Congress today on the agency’s ongoing efforts to protect consumers from emerging threats related to online advertising, as well as the Commission’s recommendations in this area.

Testifying on behalf of the Commission before the Senate Committee on Homeland Security and Governmental Affairs’ Permanent Subcommittee on Investigations, Maneesha Mithal, Associate Director of the FTC’s Division of Privacy and Identity Protection, outlined steps the agency is taking to address concerns related to online advertising through enforcement and consumer education.

The testimony highlights work by the Commission on three consumer protection issues affecting the online advertising industry: privacy, spyware and other malware, and data security.

In the area of privacy, the testimony notes the recommendations put forth in the Commission’s 2012 privacy report, which encourages businesses to provide consumers with simpler and more streamlined privacy choices about their data, through a robust universal choice mechanism for online behavioral advertising.

The testimony also addresses a number of privacy cases brought by the FTC against companies in the online advertising industry.  For example, the testimony describes the FTC’s 2012 settlement with Google, in which the company agreed to pay a $22.5 million civil penalty to resolve charges that it misrepresented to some consumers that it would not place tracking cookies or serve targeted ads to them.

The testimony also describes the FTC’s cases to combat spyware and other malware. These cases support three core principles: first, that a consumer’s computer belongs to him or her, and it must be the consumer’s choice whether to install software; second, that buried disclosures about material information necessary to correct an otherwise misleading impression are not sufficient in connection with software downloads; and third, that a consumer should be able to disable or uninstall any software they do not want on their computer.

The testimony also highlights the FTC’s extensive consumer education work aimed at helping consumers avoid and detect spyware and other malware, including its sponsorship of OnGuardOnline.gov.

On the topic of data security, the testimony underscores the Commission’s enforcement actions, noting that the agency has obtained settlements in 53 data security cases, including recent cases against the mobile app company Snapchat, as well as with Credit Karma, Fandango and home security camera maker TRENDnet.

The testimony recommends expanding efforts to educate both consumers and businesses, and also encourages industry self-regulation efforts aimed at protecting consumers from malicious online advertisements.

In addition, the testimony renews the Commission’s call for the enactment of a strong federal data security and breach notification law, noting that a national law would simplify compliance for businesses while ensuring that all consumers are protected. The testimony also notes that supplementing the Commission’s existing data security authority with the ability to seek civil penalties in appropriate circumstances would provide a deterrent to those engaging in unlawful conduct that puts consumers’ personal data at risk.

The Commission vote approving the testimony and its inclusion in the formal record was 5-0.    

Friday, March 28, 2014

FTC GIVES TESTIMONY ON DATA SECURITY TO SENATE COMMITTEE

FROM:  FEDERAL TRADE COMMISSION 
FTC Testifies on Data Security Before Senate Commerce, Science and Transportation Committee
Commission Renews Call for Data Security Legislation

In testimony before Congress, the Federal Trade Commission renewed its call for data security legislation and provided an update on its efforts to protect consumers’ privacy in the face of growing reports of data breaches.

Testifying on behalf of the Commission before the Senate Committee on Commerce, Science and Transportation, Chairwoman Edith Ramirez told lawmakers that the Commission believed Congress should act, particularly in light of the significant data breaches reported over the course of recent months.

“The Commission is here today to reiterate its longstanding, bipartisan call for enactment of a strong federal data security and breach notification law,” said Ramirez. “Never has the need for legislation been greater.”

The testimony highlights the Commission’s wide-ranging efforts in the data security arena, including its civil law enforcement authority under specific legislation such as the Fair Credit Reporting Act, Children’s Online Privacy Protection Act, and the Commission’s Safeguards Rule under the Gramm-Leach-Bliley Act. The testimony also notes the 50 data security cases the Commission has settled as a result of companies’ unfair or deceptive practices under the FTC Act.

In addition, the testimony outlines the Commission’s policy initiatives related to data security issues, including workshops, seminars and reports on a wide variety of topics that affect the security of consumers’ personal information. The testimony also notes the Commission’s ongoing efforts to educate consumers and provide guidance to businesses about issues related to data security.

In calling for legislation, the Commission’s testimony recommends that Congress strengthen its existing authority governing data security standards, and that it require companies in appropriate circumstances to provide notification to consumers affected by a data breach. Specifically, the testimony calls for the legislation to give the Commission the authority to seek civil penalties to help deter unlawful conduct, rulemaking authority under the Administrative Procedures Act, and jurisdiction over non-profit entities, which are not currently subject to FTC oversight.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

Tuesday, February 4, 2014

FTC TESTIFIES ON DATA SECURITY

FROM:  FEDERAL TRADE COMMISSION 
FTC Testifies on Data Security before Senate Banking Subcommittee

In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.

Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.

“Data security is of critical importance to consumers.  If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.

The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data.  These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.

Since 2001, the FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states. Last week, the agency announced it had reached a milestone with its 50th data security settlement. GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.

“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.

The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles.  These include:  knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.

The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en Línea. For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.

The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses – especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.

Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security.  The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.

“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.

Thursday, January 2, 2014

FTC SETTLES WITH ACCRETIVE HEALTH, INC., REGARDING FAILURE TO PROTECT CONSUMERS' PERSONAL INFORMATION

FROM:  FEDERAL TRADE COMMISSION 
Accretive Health Settles FTC Charges That It Failed to Adequately Protect Consumers’ Personal Information

Accretive Health, Inc., a company that provides medical billing and revenue management services to hospitals around the country, has agreed to settle Federal Trade Commission charges that its inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse.

In its complaint against the Chicago-based business, the FTC alleges the company failed to provide reasonable and appropriate security measures and procedures to protect consumers’ personal information, including sensitive personal health information. Accretive had access to a wealth of personal information about the patients of its hospital clients, including names, dates of birth, Social Security numbers, billing information and medical diagnostic information.

According to the complaint, Accretive’s failure to adequately safeguard such information led to a July 2011 incident in Minneapolis, Minn., where an Accretive employee’s laptop computer, containing 20 million pieces of information on 23,000 patients, was stolen from the passenger compartment of the employee’s car. The Commission alleges that Accretive created unnecessary risks by transporting laptops that contained sensitive personal information in a way that left them vulnerable to theft.

The complaint also alleges that Accretive failed to employ reasonable procedures designed to ensure that employees removed consumers’ personal information that they no longer needed from their computers; and that in certain instances, when the personal health information of consumers was used in training sessions for employees, Accretive failed to remove that information from employees’ computers after the training was finished. In addition, the FTC alleged that Accretive failed to adequately restrict employee access to consumers’ personal information based on an employee’s need for the information.

Under the terms of its settlement with the FTC, Accretive must establish a comprehensive information security program designed to protect consumers’ sensitive personal information. In addition, the company must have the program evaluated both initially and every two years by a certified third party. The settlement will be in force for the next 20 years.

FTC staff also sent a letter to Accretive indicating that it would not recommend an enforcement action related to allegations concerning Accretive’s debt collection practices in hospitals. The letter notes that while staff is declining to recommend a Fair Debt Collection Practices Act case against Accretive at this time, the practice of attempting to collect payment for prior debts from consumers while they are seeking treatment in an emergency room or other medical facility raises serious concerns.

The Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 4-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through Thursday, Jan. 30, 2013, after which the Commission will decide whether to make the proposed consent order final.

Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted online by following the instructions on the web-based form. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC requests that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each future violation of such an order may result in a civil penalty of up to $16,000.


Friday, June 22, 2012

EU-U.S. NEGOTIATING DATA PRIVACY AND PROTECTION AGREEMENT


FROM:  U.S. JUSTICE DEPARTMENT
Thursday, June 21, 2012
Joint Statement on the Negotiation of a EU-U.S. Data Privacy and Protection Agreement by Attorney General Eric Holder and European Commission Vice-President Viviane Reding
Attorney General Eric Holder and European Commission Vice-President Viviane Reding issued the following statement following the EU-U.S. Justice and Home Affairs Ministerial meeting in Copenhagen:

“We reiterate our determination to finalize negotiations on a comprehensive EU-U.S. data privacy and protection agreement that provides a high level of privacy protection for all individuals and thereby facilitates the exchange of data needed to fight crime and terrorism, as announced at the November 2011 summit by our Presidents. Such an agreement will allow for even closer transatlantic cooperation in the fight against crime and terrorism, through the mutual recognition of a high level of protection afforded equally to citizens of both the United States and the European Union, and will thus facilitate any subsequent agreements concerning the sharing of a specific set of personal data.

“Negotiations have taken place at a steady rhythm since they began in March 2011 and progress has been achieved on a number of provisions. These include important principles such as data security, transparency of data processing or use, accountability, maintaining the quality and integrity of information and the existence of effective authorities ensuring data protection oversight. We are likewise continuing our work on a number of domains such as purpose limitation, retention of personal data, and effective administrative and judicial redress.

“In view of our common objective to achieve mutual recognition, we will continue to make all efforts to come to a conclusion on these key points. To this end, we agree to take stock of progress during the EU-U.S. Justice and Home Affairs Ministerial meeting in 2013, and to consider next steps to ensure the continued rapid advancement of the negotiations.”
