The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

The FTC again announced that it will delay enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.  In its press release announcing this development, the FTC stated that Members of Congress requested the delay. The FTC press release announcing the enforcement delay is available at: http://ftc.gov/opa/2009/10/redflags.shtm
 
Advertisements


Leave a comment

Court Decides that FTC Cannot Make Lawyers Comply With Red Flags Rule

Judge Reggie Walton of the U.S. District Court for the District of Columbia ruled today that the FTC cannot force practicing lawyers to comply with Red Flags Rule.

The FTC’s scheduled enforcement date for the Red Flags Rule is November 1. The American Bar Association challenged the Rule’s applicability to lawyers arguing that it would impose a serious burden on law firms, and sought an injunction and declaratory judgment finding that lawyers were not covered. The FTC replied that lawyers should be covered because billing practices, such as charging clients on a monthly basis rather than upfront, made them “creditors” under the plain language of the Rule.  

Judge Walton rejected the FTC’s definition of a creditor stating that under the FTC’s interpretation, a plumber who charges a customer after working on a toilet for two days also would be considered a "creditor."  

It is not clear at this point whether the FTC will appeal the decision.

An article about this development is available at: http://legaltimes.typepad.com/blt/2009/10/judge-ftc-cannot-make-lawyers-comply-with-identity-theft-laws.html


Leave a comment

Agencies Expected to Publish Final Gramm-Leach-Bliley Act Model Privacy Notice

The federal financial services agencies are expected to shortly announce a proposed-final Gramm-Leach-Bliley Act (“GLBA”) model form privacy notice.  The model notice incorporates financial institutions’ required disclosures pursuant to Section 503 of the GLBA.  Financial institutions that use the form to provide notice to consumers will be deemed in compliance with the privacy notice provisions of the GLBA.  Once adopted and published in the Federal Register, the financial services agencies’ final model notice will take effect in 30 days.

The financial services agencies’ announcement of the final model privacy notice is anticipated in the near future although a draft of the final rule has been circulated.  More information about the model notice is available here.


Leave a comment

DMA Adopts Behavioral Targeting Guidelines

The Direct Marketing Association (DMA) announced additions to its Guidelines for Ethical Business Practices that address online behavioral advertising (OBA) and mobile marketing.   

The new OBA guidelines are designed to follow the previously-released seven Self-Regulatory Principles adopted by DMA; the Association of National Advertisers; the American Association of Advertising Agencies; the Interactive Advertising Bureau; and the Council of Better Business Bureaus.   

Among the new OBA rules is a requirement that when information is collected from or used on a website for online behavioral advertising purposes, visitors should be provided with notice (easy to find, read, and understand) about the third party’s policies for online behavioral advertising.  The rules also describe methods that third parties should use to provide notice about OBA. 

The mobile marketing sections are described as an expansion of DMA’s existing guidelines for wireless communications and require, among other things, prior express consent for mobile marketing.  

A press release announcing and linking to the guidelines is available at: http://www.the-dma.org/cgi/disppressrelease?article=1357


Leave a comment

House Approves Bill to Exempt Certain Entities From FTC Red Flag Rules

 
On Oct. 20 the House approved H.R. 3763, a bill that would exempt certain businesses from the Federal Trade Commission’s (FTC’s) Red Flags Rules. Under the bill, health care, accounting, and legal practices with 20 or fewer employees would be excluded from the Rules definition of a "creditor" and the FTC also would be required to issue new regulations allowing any business to apply for an exemption.
 
To date the Senate has not introduced a companion bill.
The FTC’s enforcement deadline for the Rule is November 1, 2009.
A copy of the bill is available at: http://thomas.loc.gov/cgi-bin/query/D?c111:2:./temp/~c111UByCAO:: Information about the FTC’s Red Flags Rule is available at: http://ftc.gov/redflagsrule


Leave a comment

FTC COPPA enforcement action: Iconix Brand Group, Inc.

The FTC announced a settlement with Inconix Brand Group under which Iconix will pay a $250,000 civil penalty to settle FTC allegations that the company violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents’ permission. 

Iconix owns, licenses, and markets (offline and on its websites) apparel brands including Mudd, Candie’s, Bongo, and OP. The FTC alleged that Iconix required consumers on certain of its websites to provide personal information, such as full name, e-mail address, zip code, and in some cases mailing address, gender, and phone number – as well as date of birth – in order to receive brand updates, enter sweepstakes contests, and participate in interactive brand-awareness campaigns and other website features. On one website, MyMuddWorld.com, Iconix also allegedly enabled girls to publicly share personal stories and photos online. The FTC alleged that in connection with certain of these sites, since 2006, Iconix knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent in violation of COPPA.

Information about the settlement can be found on the FTC’s website, at: http://www.ftc.gov/opa/2009/10/iconix.shtm.

 


Leave a comment

Judiciary Committee Recommends Repeal of Maine Privacy Law

The judiciary committee for Maine legislature voted Friday to recommend the repeal of the controversial Maine privacy law that restricts gathering or publishing information about minors. According to Peggy Reinsch, a committee staff attorney, the committee agreed that the measure is unconstitutional because it violates the First Amendment and affects interstate commerce.  Ms. Reinsch also reportedly stated that the committee is recommending that the legislature draft a more limited measure addressing the collection of minors’ health-related information. An article about this development is available at:

http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=115560