FTC
Subscribe to FTC's Posts

Uber Criminal Complaint Raises the Stakes for Breach Response

On August 20, 2020, a criminal complaint was filed charging Joseph Sullivan, Uber's former chief security officer, with obstruction of justice and misprision of a felony in connection with an alleged attempted cover-up of a 2016 data breach. These are serious charges for which Mr. Sullivan has the presumption of innocence. At the time of the 2016 data breach, Uber was being investigated by the US Federal Trade Commission (FTC) in connection with a prior data breach that occurred in 2014. According to the complaint, the hackers behind the 2016 breach stole a database containing the personal information of about 57 million Uber users and drivers. The hackers contacted Uber to inform the company of the attack and demanded payment in return for their silence. According to the complaint, Uber's response was to attempt to recast the breach as a legitimate event under Uber's "bug bounty" program and pay a bounty. An affidavit submitted with the complaint portrays a...

Continue Reading

Comprehensive Federal Privacy Law Still Pending

The California Consumer Privacy Act (CCPA) has forced companies across the United States (and even globally) to seriously consider how they handle the personal information they collect from consumers. By its terms, however, the CCPA only protects the privacy interests of California residents; other “copy-cat” privacy laws proposed or enacted in other states similarly would only protect the rights of residents of each state. Given the burden on businesses imposed by the rapid proliferation of privacy and data protection laws, including data breach notification obligations, requirements for data transfer mechanisms imposed by international data protection laws (such as the EU General Data Protection Regulation (GDPR)), and the imposition of a variety of data subject rights, a comprehensive US federal privacy bill appears increasingly overdue. In the past year, US legislators have proposed a wide variety of data privacy laws—none of which seems to have gained...

Continue Reading

Upcoming FTC Workshop on Informational Harm | Next Brushstrokes on the FTC’s Consumer Privacy and Security Enforcement Canvas

On September 29, the Federal Trade Commission (FTC) formally announced a December 12th workshop on informational injury—the injury a consumer suffers when information about them is misused. The workshop will address questions such as, how to characterize and measure such injury and what factors businesses and consumers should consider the benefits and risks of collecting, using and providing personal information so as to gain further perspective for how the FTC should apply its legal framework for privacy and security enforcement under 15 USC § 45 (Section 5). In her September 19th remarks to the Federal Communications Bar Association, Commissioner Maureen Ohlhausen, the Acting Chairman of the FTC, metaphorically characterized the workshop’s purpose as providing the next brushstrokes on the unfinished enforcement landscape the FTC is painting on its legal framework canvas. The full list of specific questions to be addressed may be accessed here. Background....

Continue Reading

Regulating the Internet of Toys

New technologies and the expansion of the Internet of Things have allowed children of this generation to experience seamless interactive technologies through microphones, GPS devices, speech recognition, sensors, cameras and other technological capabilities. These advancements create new markets for entertainment and education alike and, in the process, collect endless amounts of data from children–from their names and locations to their likes/dislikes and innermost thoughts. The collection of data through this Internet of Toys is on the tongues of regulators and law enforcement, who are warning parents to be wary when purchasing internet-connected toys and other devices for children. These warnings also extend to connected toy makers, urging companies to comply with children’s privacy rules and signaling that focused enforcement is forthcoming. Federal Trade Commission Makes Clear That Connected Toy Makers Must Comply with COPPA On June 21 2017, the Federal...

Continue Reading

Round Two: Significant Telehealth Expansion Re-Proposed in Bipartisan Senate Bill

On May 3, 2017, the Creating Opportunities Now for Necessary and Effective Care Technologies for Health Act of 2017 (S. 1016) (CONNECT Act of 2017) was reintroduced by the same six senators who had initially introduced the legislation in early 2016 and referred to the Senate Committee on Finance. As we previously reported on February 29, 2016, this iteration of the proposed bill also focuses on promoting cost savings and quality care under the Medicare program through the use of telehealth and remote patient monitoring (RPM) services, and incentivizing such digital health technologies by expanding coverage for them under the Medicare program—albeit using different terminology. Chiefly, the CONNECT Act of 2017 serves as a way to expand telehealth and RPM for Medicare beneficiaries, makes it easier for patients to connect with their health care providers and helps reduce costs for patients and providers. As with the previous iteration, the CONNECT Act of 2017...

Continue Reading

Texas Changes its Tone on Telemedicine

As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Texas has eliminated its most restrictive requirement for delivering care via telemedicine in Texas, increasing opportunities for providers to reach patients using technology.  Senate Bill 1107 was passed on May 11, 2017, and the House added an amendment in passing Senate Bill 1107, which was approved in the Senate on May 18.  The bill was signed into law by Governor Abbott last weekend. Read the full article.

Continue Reading

Texas to Take a Leap Forward in Telehealth – A Proposed Bill Drops the Controversial In-Person Evaluation Requirement

Texas telehealth requirements will significantly change in the near future if Texas Senate Bill 1107 is passed into law, as it removes the controversial “face-to-face” or in-person consultation requirement to establish a physician-patient relationship and lawfully provide telehealth and telemedicine services within the state. This bill comes after a six-year-long battle between telemedicine stakeholders and the Texas Medical Board, and will better align Texas’ regulations with those found in other states. Read the full article.

Continue Reading

FTC Weighs-in on Telehealth, Comments on Delaware’s Occupational Therapy Practice Rule

On August 3, 2016, the Federal Trade Commission (FTC) staff submitted public comments regarding the Delaware Board of Occupational Therapy Practice’s proposed regulation for the provision of occupational therapy services via telehealth in Delaware (the Proposed Regulation).  The FTC’s comments to the Proposed Regulation follow its comments to Alaska’s telehealth legislation earlier this year and evidence its continued focus on telehealth’s ability to foster flexibility in health care delivery by increasing practitioner supply; encouraging competition; and improving access to affordable, quality health care. By way of background, in 2015, Delaware amended its Insurance and Professions and Occupations Code (the Code) to include the regulation of telehealth and telemedicine services, including the delivery of occupational care remotely under existing, in-person standards of care.  Consistent with the Code, the Delaware Board of Occupational Therapy Practice (the...

Continue Reading

FTC Weighs-in on Telehealth: Providing Comments Regarding Alaska’s Proposed Licensure and Standard of Care Requirements

In March 2016, the US Federal Trade Commission (“FTC”) staff submitted public comments regarding the telehealth provisions of a proposed state bill in Alaska demonstrating the FTC’s continued focus on health care competition and general discouragement of anti competitive conduct in health care markets, with a renewed interest and focus on telehealth. By way of background, in March 2015, Alaska State Senator Pete Kelly sponsored Senate Bill 74. The Bill includes a provision that allows physicians licensed in Alaska, but physically located out-of-state, to provide telehealth services in the same manner as licensed physicians located in-state, and affirmatively allows certain Alaska-licensed behavioral health professionals to provide services remotely subject to existing licensure requirements.1 Alaska Senate Bill 74 passed in the Senate on April 14, 2016 and in the House of Representatives on April 17, 2016. The Bill currently awaits signature by the Governor....

Continue Reading

FTC Report Alerts Organizations about the Risks and Rewards of Big Data Analytics

On January 6, the Federal Trade Commission (FTC) released a report that it hopes will educate organizations on the important laws and research that are relevant to big data analytics. The report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, looks specifically at how big data is used after it is collected and analyzed and provides suggestions aimed at maximizing the benefits and minimizing the risks of using big data. Risk and Rewards The report argues that big data analytics can provide numerous opportunities for improvements in society. In addition to more effectively matching products and services to consumers, big data can create opportunities for low income and underserved communities. The report highlights a number of innovative uses of big data that provide benefits to underserved populations, such as increased educational attainment, access to credit through nontraditional methods, specialized health care for underserved...

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES