FTC

Privacy advocate files complaint with FTC over Maricopa County Community College District data breach

The 2013 breach at Maricopa County Community College District (MCCCD)  in Arizona affected approximately 2.5 million faculty, staff, vendors, and students, making it the largest breach involving student information ever reported by a U.S. institution of higher education. A complaint by this privacy advocate alleges violations of the Safeguards Rule.  Having researched and reported on breaches for...

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case

See the companion press release from the FTC in a previous post. Rite Aid Corporation and its 40 affiliated entities (RAC) have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced...

FTC investigates some firms in P2P leaks

Jaikumar Vijayan of Computerworld was able to see a redacted copy of a  letter (Civil Investigative Demand) sent by the FTC to some of the organizations who were found to be leaking information via P2P networks: It showed the agency is seeking information, dating back to mid-2007, on a wide-range of technology and process-related...

ControlScan Settles FTC Charges

ControlScan, a company that consumers have relied on to certify the privacy and security of online retailers and other Web sites, has agreed to settle Federal Trade Commission charges that it misled consumers about how often it monitored the sites and the steps it took to verify their privacy and security practices. The settlements...

FTC extends enforcement deadline for Red Flags rule to 2010

From the why-am-I-not-surprised dept: At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed...

Judge: FTC Cannot Make Lawyers Comply With ID Theft Laws

The Federal Trade Commission cannot force practicing lawyers to comply with new regulations aimed at curbing identity theft, a federal judge ruled today at the U.S. District Court for the District of Columbia. The decision offers a reprieve to law firms across the country, which faced a deadline this weekend to put in place...

FTC settles latest charges against ChoicePoint

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach...

FTC Approves Consent Order in CVS Case

Following a public comment period, the Commission has approved a final consent order in the CVS Caremark case involving failure to adequately secure customers’ medical and financial data. Prior coverage of the case can be found here. Additional documents on the case can be found here. According to the complaint, CVS Caremark did not...

FTC enforcement of data protection

Since 2001, the FTC has filed charges against 25 businesses for failure to protect consumers’ information. The cases were cited in their May 5th testimony and comments (pdf) in Congress about two bills being considered: H.R. 2221, the Data Accountability and Protection Act, and H.R. 1319, the Informed P2P User Act. The cases fall...