FTC Seeks Comment as Part of Review of Health Breach Notification Rule

The Federal Trade Commission is seeking comment on whether proposed changes should be made to a decade-old rule that requires certain companies that provide or service personal health records to notify consumers and the Commission of a data breach. The Health Breach Notification Rule, which went into effective in 2009, requires vendors of personal health […]

FTC Finalizes Settlement with Online Rewards Website That Allegedly Failed to Implement Reasonable Data Security

The operator of an online rewards website will be required to implement a comprehensive information security program before collecting personal information as part of a final settlement with the Federal Trade Commission related to allegations that he failed to take reasonable steps to protect personal data. In a complaint, the FTC alleged that James V. […]

FTC Launches National Campaign with Resources to Assist Small Businesses with Cybersecurity

Today, the Federal Trade Commission, along with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA), launched a national education campaign to help small business owners understand common cyber threats and how they can help protect their businesses. The campaign grew out of a […]

FTC to Launch Campaign to Help Small Businesses Strengthen Their Cyber Defenses

The Federal Trade Commission is launching a national education campaign to help small businesses strengthen their cyber defenses and protect sensitive data that they store. As outlined in a new Staff Perspective report, the FTC will develop and distribute reader-friendly educational materials with information about cybersecurity that small businesses need. The effort grew out of […]

Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security

Note: A conference call for media with FTC Acting Chairman Maureen K. Ohlhausen and Acting Director of the Bureau of Consumer Protection Tom Pahl was held on September 5, 2017. Time: 11 a.m. ET. FTC staff were available to take questions from the media. Lenovo Inc., one of the world’s largest computer manufacturers, has agreed […]

Membership Reward Service Upromise Penalized for Violating FTC Order

A membership reward service called Upromise, aimed at consumers trying to save for college, will pay a $500,000 civil penalty to settle allegations that it violated the terms of a Federal Trade Commission order requiring the company to make disclosures about its data collection and use and to obtain third-party assessments of its data collection […]

What to Do When You Suspect a Data Breach: FTC Issues Video and Guide for Businesses

If your business has experienced a data breach, you are probably wondering what to do next. The Federal Trade Commission’s new Data Breach Response: A Guide for Business, an accompanying video and business blog can help you figure out what steps to take and whom to contact. Among the key steps are securing physical areas, […]

FTC Blog Post Outlines How NIST Cybersecurity Framework Relates to FTC Data Security Program

A new blog post from the Federal Trade Commission provides guidance to businesses on how the cybersecurity framework created by the National Institute for Standards and Technology (NIST) aligns with the FTC’s data security program. The post outlines the key elements of the NIST framework and how it relates to the FTC’s long-standing approach to […]

Commission Finds LabMD Liable for Unfair Data Security Practices

The Federal Trade Commission today announced the issuance of an Opinion and Final Order reversing an Administrative Law Judge (ALJ) Initial Decision that had dismissed FTC charges against medical testing laboratory LabMD, Inc. In reversing the ALJ ruling, the Commission concludes that LabMD’s data security practices were unreasonable and constitute an unfair act or practice […]