Uber Settles FTC Allegations that It Made Deceptive Privacy and Data Security Claims

Note: A conference call for media with FTC Acting Chairman Maureen K. Ohlhausen and Consumer Protection Acting Director Tom Pahl was held on August 15, 2017. FTC staff took questions from the media.

Uber Technologies, Inc. has agreed to implement a comprehensive privacy program and obtain regular, independent audits to settle Federal Trade Commission charges that the ride-sharing company deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud.

In its complaint, the FTC alleged that the San Francisco-based firm failed to live up to its claims that it closely monitored employee access to consumer and driver data and that it deployed reasonable measures to secure personal information it stored on a third-party cloud provider’s servers.

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said FTC Acting Chairman Maureen K. Ohlhausen. “This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

In the wake of news reports alleging Uber employees were improperly accessing consumer data, the company issued a statement in November 2014 that it had a “strict policy prohibiting” employees from accessing rider and driver data – except for a limited set of legitimate business purposes – and that employee access would be closely monitored on an ongoing basis.

In December 2014, Uber developed an automated system for monitoring employee access to consumer personal information, but the company stopped using it less than a year after it was put in place. The FTC’s complaint alleges that Uber, for more than nine months afterwards, rarely monitored internal access to personal information about users and drivers.

The FTC’s complaint also alleges that despite Uber’s claim that data was “securely stored within our databases,” Uber’s security practices failed to provide reasonable security to prevent unauthorized access to consumers’ personal information in databases Uber stored with a third-party cloud provider. As a result, an intruder accessed personal information about Uber drivers in May 2014, including more than 100,000 names and driver’s license numbers that Uber stored in a datastore operated by Amazon Web Services.

The FTC alleges that Uber did not take reasonable, low-cost measures that could have helped the company prevent the breach. For example, Uber did not require engineers and programmers to use distinct access keys to access personal information stored in the cloud. Instead, Uber allowed them to use a single key that gave them full administrative access to all the data, and did not require multi-factor authentication for accessing the data. In addition, Uber stored sensitive consumer information, including geolocation information, in plain readable text in database back-ups stored in the cloud. 

Under its agreement with the Commission, Uber is:

  • prohibited from misrepresenting how it monitors internal access to consumers’ personal information;
  • prohibited from misrepresenting how it protects and secures that data;
  • required to implement a comprehensive privacy program that addresses privacy risks related to new and existing products and services and protects the privacy and confidentiality of personal information collected by the company; and
  • required to obtain within 180 days, and every two years after that for the next 20 years, independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.

The Commission vote to issue the administrative complaint and to accept the consent agreement was 2-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through September 15, 2017, after which the Commission will decide whether to make the proposed consent order final.

Interested parties can submit comments electronically by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $40,654.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC, NHTSA to Conduct Workshop on June 28 on Privacy, Security Issues Related to Connected, Automated Vehicles
  2. FTC Provides Comment to NTIA on Multistakeholder Initiative to Improve Cybersecurity Vulnerability Disclosure
  3. Terrell McSweeny Begins Term at Federal Trade Commission
  4. FTC Refunds Almost $3.9 Million to Purchasers of Deceptively Advertised Quell Wearable Pain-Relief Device

Telemarketer Fees to Access the FTC’s Do Not Call Registry to Rise Slightly in FY 2018

The Federal Trade Commission has announced FY 2018 fees for telemarketers accessing phone numbers on the National Do Not Call Registry. The annual fees will increase slightly from FY 2017, and are set forth in a Federal Register notice.

All telemarketers calling consumers in the United States are required to download the numbers on the Do Not Call Registry to ensure they do not call consumers who have registered their phone numbers. The first five area codes are free, and organizations that are exempt from the Do Not Call rules, such as some charitable organizations, may obtain the entire list for free. Telemarketers must subscribe each year for access to the Registry numbers.

The FY 2018 Registry access fees will increase slightly based on a reevaluation, as required by the Do‑Not‑Call Registry Fee Extension Act of 2007. Under the Act’s provisions, in FY 2018 telemarketers will pay $62 for yearly access to Registry phone numbers in a single area code (an increase of $1 from FY 2017), up to a maximum charge of $17,021 for all area codes nationwide (up from $16,714 in FY 2017). The fee for accessing an additional area code for a half year will increase to $31.

The Commission vote authorizing publication of the Federal Register notice announcing the new fees was 2-0. The staff contact is Ami Dziekan, Bureau of Consumer Protection, 202‑326‑2648.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC Announces Agenda for the Tenth Session of its Hearings on Competition and Consumer Protection in the 21st Century
  2. FTC Imposes Conditions in Joint Venture among Three Producers of PET Resin
  3. In the Wake of Japan’s Massive Earthquake, FTC Warns Consumers About Potential Charity Scams
  4. FTC Offers Businesses Tips for Dealing with Medical Identity Theft

FTC Approves Final Order Requiring Divestitures of Retail Fuel Stations and Convenience Stores Related to Alimentation Couche-Tard Inc.’s Merger with Competitor CST Brands, Inc.

Following a public comment period, the Federal Trade Commission has approved a final order resolving charges that Alimentation Couche-Tard Inc.’s $4.4 billion acquisition of CST Brands, Inc. would violate federal antitrust laws. The order requires ACT to divest retail fuel stations with convenience stores in 71 local markets to Empire Petroleum Partners.

Under the order, ACT is required to divest certain CST fuel stations in Arizona, Colorado, Florida, Georgia, Louisiana, New Mexico, Ohio, and Texas to Empire, and to give Empire the option of acquiring an additional ACT-owned location in Georgia.

As announced in June 2017, the complaint alleges that without the divestiture the merger would allow the combined entity to raise prices unilaterally in markets in which CST is ACT’s only or closest competitor, and would increase the likelihood of coordinated effects in markets in which three or two competitors would remain. Absent a remedy, the merger would result in a monopoly in 10 of the 71 local markets, and reduce the number of competitors from three to two in the rest of the affected local markets.

The Commission vote approving the final order was 2-0. (FTC File No. 161 0207; the staff contact is Nicholas Bush, Bureau of Competition, 202-326-2848.)

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. Dental Practice Software Provider Settles FTC Charges It Misled Customers About Encryption of Patient Data
  2. FTC Extends Deadline for Public Input on Jewelry Industry Marketing Guides
  3. U.S. Court of Appeals Upholds FTC Opinion and Order in Polypore Matter
  4. FTC Testifies Before Senate Appropriations Subcommittee on the Agency’s FY 2009 Budget Request

Regulatory Capital Treatment of Certain Centrally-Cleared Derivative Contracts Under the FDIC’s Capital Rule

FIL-33-2017
August 14, 2017

Regulatory Capital Treatment of Certain Centrally-Cleared Derivative Contracts Under the FDIC’s Capital Rule

Printable Format:

FIL-33-2017 – PDF (PDF Help)

Summary:

The FDIC is issuing the attached letter that provides supervisory guidance on the regulatory capital treatment of certain centrally-cleared, settled-to-market derivative contracts. Certain central counterparties have revised their rulebooks such that variation margin is considered a settlement payment and not collateral. If an FDIC-supervised institution determines the transfer of variation margin on a centrally-cleared, settled-to-market contract settles any outstanding exposure on the contract and resets the fair value of the contract to zero, the contract’s remaining maturity is the time until the next exchange of variation margin. This guidance may affect a derivative contract’s calculation of potential future exposure, which uses a conversion factor based, in part, on the contract’s remaining maturity.

Statement of Applicability to Institutions with Total Assets Under $1 Billion: This Financial Institution Letter applies to all FDIC-supervised institutions.

Highlights:

  • Under previous rulebooks for certain central counterparties, variation margin on derivative contracts or netting sets was considered collateral. Under revised rulebooks for some central counterparties, variation margin on centrally-cleared derivative contracts is considered a settlement payment.
  • The capital rule determines the trade exposure amount for a derivative based on current credit exposure and potential future exposure. Current credit exposure is determined by reference to the mark-to-fair value of a derivative contract under U.S. generally accepted accounting principles. Potential future exposure is determined in part by a conversion factor that is dependent on the type of contract and its remaining maturity.
  • If the variation margin on a centrally-cleared derivative contract settles outstanding exposure on the contract and resets the fair value to zero, the FDIC-supervised institution may consider the remaining maturity to be the time until the next exchange of variation margin.
  • To conclude that a centrally-cleared derivative contract is settled for purposes of the capital rule, the FDIC-supervised institution should, among other things, determine that ownership of the variation margin has transferred, and the transferor has relinquished all legal claims to the variation margin. The rulebooks of central counterparties may contain additional requirements, such as the payment of fees and expenses, to achieve settlement on centrally-cleared derivative contracts. The legal and accounting analysis performed by the FDIC-supervised institution should consider such requirements.
  • For regulatory capital purposes, an FDIC-supervised institution may apply this guidance to centrally-cleared, settled-to-market derivative contracts beginning as of the date of its issuance.

Related posts:

  1. FDIC Re-Issues its Processing Timeframe Guidelines for Applications, Notices, and Other Requests
  2. Proposed Revisions to the Consolidated Reports of Condition and Income (Call Report)
  3. Proposed Rescission of FDIC Statements of Policy
  4. Regulatory Capital Rule: New Standardized Approach for Calculating the Exposure Amount of Derivative Contracts

Federal Trade Commission Closes Investigation of Honeywell International, Inc. and E.I. DuPont de Nemours & Co.

Federal Trade CommissionHeadquarters:
600 Pennsylvania Avenue, NW
Washington, DC 20580
Contact Us

Related posts:

  1. FTC Denies Dow Chemical’s Application to Modify its 2009 Consent Order Requiring Sale of Chemicals Facility in California
  2. FTC Returns Money to Victims of Timeshare Resale Scam
  3. Marketers Settle FTC Charges That They Used Deceptive Ads In Promoting Products for Mole and Wart Removal, Anti-Aging and Weight Loss
  4. Interagency Working Group Seeks Input on Proposed Voluntary Principles for Marketing Food to Children

FTC Permanently Halts Tech Support Scammer Who Falsely Claimed He Was Acting on Behalf of the Agency

The Federal Trade Commission has obtained a default judgment and permanent injunction halting the activities of a Florida man who allegedly peddled unnecessary tech support services under the deceptive guise of an affiliation with the FTC.

The FTC filed a complaint in April 2017 against Daniel L. Croft, doing business as PC Guru Tech Support and Elite Tech Support, alleging violations of the FTC Act and CAN-SPAM Act. Croft contacted consumers by email and used fake FTC press releases and the names of real FTC staff to trick consumers into contacting him so he could try to sell them unnecessary tech support services, according to the complaint. The FTC’s complaint also alleges that Croft used scare tactics to frighten consumers into contacting him, including claiming that the consumers’ computers were sending out information to hackers or were seriously infected with malware. A federal judge issued a preliminary injunction against Croft in April, which temporarily halted his deceptive tactics.

Under the court’s final order, issued last month, Croft is prohibited from making material misrepresentations, including any misrepresentations about an affiliation with the FTC, other government agencies, or any other person. Croft also is prohibited from sending commercial emails unless they include the sender’s physical address and makes clear that it is an advertisement. In addition, Croft has been ordered to pay more than $52,000.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC Action Puts Deceptive Marketer Out of the Debt Relief Business
  2. FTC Approves Final Order Settling Charges that Coca-Colas Acquisition of its Largest North American Bottler Was Anticompetitive
  3. Federal Trade Commission Proposes Revised “Green Guides”
  4. Alleged Swindlers Agree to Settle FTC Charges of Deceptive Business Opportunity Sales

FTC Extends Public Comment Period on Zero-VOC Paint Claims Cases to September 11

The Federal Trade Commission is extending the public comment period on four recently announced proposed settlements with companies that allegedly deceptively promoted paint products as emission-free or containing zero volatile organic compounds (VOCs), including during and immediately after application.

According to the Commission’s complaints, announced on July 11, 2017, some promotions also made safety claims regarding the effects on babies, children, pregnant women, and other sensitive populations. However, the FTC alleged, the companies had no evidence to support these claims, and each company agreed to settle the charges against them.

The public comment period on the proposed settlements was originally set to close on August 10, 2017. After considering a request by an external party, the Commission has now extended the public comment period for 30 days, through September 11, 2017.

Interested parties can submit comments electronically on one or more of the proposed orders, including: Benjamin Moore & Co., Inc; Imperial Paints, LLC; ICP Construction Inc.; and YOLO Colorhouse, LLC.

The Commission vote authorizing the extension of the public comment period was 2-0. The staff contact is Katherine E. Johnson, Bureau of Consumer Protection, 202-326-2185.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC, USDA Issue Agenda for Roundtable on Consumer Perceptions of “Organic” Claims
  2. FTC to VW Sellers: Don’t Mislead Consumers about Buyback Deal
  3. FTC Approves Final Order Settling Charges that Firm Made False and Unsubstantiated Environmental Claims for its Plastic Lumber Products
  4. FTC Approves Final Order in ‘Green Marketing’ Case Against American Plastic Lumber

FTC Charges Online Marketing Scheme with Deceiving Shoppers

The Federal Trade Commission has charged an online marketing operation with deceptively luring people into an expensive negative option scam using an initial low-cost ($1.03, plus shipping and handling) “trial” offer for tooth whiteners and other products.

A federal court temporarily halted the operation and froze its assets at the request of the FTC, which seeks to end the practices.

According to the FTC, the defendants used a network of 78 companies, at least 87 websites, and dozens of bank accounts to hide their ownership and launder the profits from the scheme. They also drove people to their websites via affiliate networks that generate web traffic with blog posts, banner ads and surveys. For example, some consumers got emails inviting them to fill out surveys falsely claiming to be for well-known merchants such as Kohl’s and Amazon, and were directed to the defendants’ websites to claim a “reward” for completing the survey.

The FTC alleges that, using deceptive claims, hidden fine-print disclosures and confusing terms, the defendants tricked consumers into providing their billing information, and then started charging them about $100 a month unless consumers canceled within 8 days. They also used an order confirmation page to trick consumers into signing up for a second monthly subscription, which cost an additional $100, for an identical product. Because of this double-deception, the defendants charged consumers, who reasonably believed they had agreed to a single shipment for $1.03 plus shipping costs, about $200 a month until they canceled both unauthorized subscriptions.

The defendants are charged with violating the FTC Act and the Restore Online Shoppers’ Confidence Act.

The defendants are Blair McNea, Danielle Foss, Jennifer Johnson, Boulder Creek Internet Solutions Inc., Walnut Street Marketing Inc., and these LLCs: Anasazi Management Partners, RevMountain, Wave Rock, Juniper Solutions, Jasper Woods, Wheeler Peak Marketing, ROIRunner, Cherry Blitz, Flat Iron Avenue, Absolutely Working, Three Lakes, Bridge Ford, How and Why, Spruce River, TrimXT, Elation White, IvoryPro, Doing What’s Possible, RevGuard, RevLive!, Blue Rocket Brands, Convertis, Convertis Marketing, Turtle Mountains, Boulder Black Diamond, Mint House, Thunder Avenue, University & Folsom, Snow Sale, Brand Force, Wild Farms, Salamonie River, Indigo Systems, Night Watch Group, Newport Crossing, Greenville Creek, Brookville Lane, Honey Lake, Condor Canyon, Brass Triangle, Solid Ice, Sandstone Beach, Desert Gecko, Blizzardwhite, Action Pro White, First Class Whitening, Spark Whitening, Titanwhite, Dental Pro At Home, Smile Pro Direct, Circle of Youth Skincare, DermaGlam, Sedona Beauty Secrets, Bella at Home, SkinnyIQ, Body Tropical, and RoadRunner B2C LLC, also doing business as RevGo.

The Commission vote authorizing the staff to file the complaint was 2-0. The U.S. District Court for the District of Nevada entered a temporary restraining order against the defendants on July 25, 2017.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC Wins Key Ruling Allowing Agency to Continue Efforts to Hold Operator of Deceptive Computer Financing Scheme Accountable
  2. FTC Obtains Court Orders Banning Marketer from Negative-Option Sales
  3. FTC Staff Offers Business Guidance Concerning Multi-Level Marketing
  4. FTC Sues Funeral Home for Continuing Failure to Disclose Prices

FTC Files Charges Against Independent Sales Organization and Sales Agents

The Federal Trade Commission has charged 12 defendants with laundering millions of dollars in credit card charges through fraudulent merchant accounts. According to the complaint filed by the FTC, the defendants arranged for a deceptive operation known as Money Now Funding (MNF) to obtain and maintain merchant accounts that allowed it to process almost $6 million through the credit card networks.

In September 2013, the FTC charged MNF with running a deceptive business opportunity scheme that promised consumers they would make thousands of dollars helping small businesses get loans. The court in the MNF matter determined that MNF’s promises were false.

Today’s case alleges that the defendants – an Independent Sales Organization (ISO), sales agents, and their principals – provided the MNF scheme access to the credit card networks  by submitting and approving fraudulent applications in the names of more than 40 fictitious MNF companies. According to the FTC’s complaint, the defendants did so despite obvious signs that the companies were likely fictitious and being used to conceal the true identity of the underlying merchant. By processing the fraudulent MNF scheme’s transactions through merchant accounts opened in the names of fictitious companies, the ISO defendants allegedly also evaded the anti-fraud monitoring efforts of the credit card networks.

In the case announced today, the defendants are charged with violating the FTC Act and the FTC’s Telemarketing Sales Rule.

The ISO defendants are Electronic Payment Systems LLC, Electronic Payment Transfer LLC, John Dorsey, Thomas McCann and Michael Peterson. The sales agent defendants are Electronic Payment Solutions of America Inc., Electronic Payment Services Inc., KMA Merchant Services LLC, Dynasty Merchants LLC, Jay Wigdore, Michael Abdelmesseh, also known as Michael Stewart, and Nikolas Mihilli.

The Commission vote authorizing the staff to file the complaint was 2-0. It was filed in the U.S. District Court for the District of Arizona.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC Releases Reports on Cigarette and Smokeless Tobacco Advertising and Promotion
  2. FTC Tells House Panel that Enforcing the Fair Credit Reporting Act Remains a Priority of the Agency
  3. Subsidiary of Diet Plan Marketer Medifast Inc. to Pay $3.7 Million to Settle FTC Charges
  4. Tea Marketer Misled Consumers, Didn’t Adequately Disclose Payments to Well-Known Influencers, FTC Alleges

FTC Escalates the Fight against Illegal Robocalls Using Consumer Complaints to Aid Industry Call-Blocking Solutions

Every day American consumers report tens of thousands of illegal robocalls to the Federal Trade Commission, and now the FTC is helping put that information to work boosting industry efforts to stop unwanted calls before they reach consumers.

Under a new initiative announced by the FTC, when consumers report Do Not Call or robocall violations to the agency, the robocaller phone numbers consumers provide will be released each day to telecommunications carriers and other industry partners that are implementing call-blocking solutions.

“Sharing the critical information from consumers’ unwanted call complaints to enable industry innovators to stop illegal robocalls is exactly the type of public-private partnership the FTC champions,” said Acting Chairman Maureen K. Ohlhausen.

Unwanted and illegal robocalls are the FTC’s number-one complaint category, with more than 1.9 million complaints filed in the first five months of 2017 alone. By reporting illegal robocalls, consumers help law enforcement efforts to stop the violators behind these calls. In addition, under the initiative announced today, the FTC is now taking steps to provide more data, more often to help power the industry solutions that block illegal calls.

The consumer complaint data is crucial because many of today’s call-blocking solutions rely on “blacklists” — databases of telephone numbers that have received significant consumer complaints — as one way to determine which calls should be blocked or flagged before they reach consumers’ phones.

The new data that FTC is making available also will include the date and time the unwanted call was received, the general subject matter of the call (such as debt reduction, energy, warranties, home security, etc.), and whether the call was a robocall.

When filing a complaint, the FTC makes it easy for consumers to identify the subject of the unwanted call with a drop-down menu on its website. This information is particularly helpful to law enforcement and industry. The data is posted to the FTC website every weekday, with Monday postings including weekend data, and is available on the Do Not Call (DNC) Reported Calls Data webpage.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Related posts:

  1. FTC Approves Final Order with Sherwin-Williams and Valspar, Preserving Competition in the North American Market for Industrial Wood Coatings
  2. FTC Announces Winner of its Internet of Things Home Device Security Contest
  3. Court Orders Ringleader of Scam Targeting Seniors Banned From Telemarketing
  4. FTC, DOJ Announce Changes to Streamline the Premerger Notification Form