E-Commerce Law Week, Issue 600

March 20, 2010

FTC Investigates Widespread Data Breaches Over P2P Networks

The Federal Trade Commission has notified nearly 100 companies and other organizations that sensitive personal data about their customers and employees has been made publicly available over peer-to-peer (P2P) file-sharing networks.  This discovery of widespread data breaches also led the FTC to launch a non-public investigation and send Civil Investigative Demand letters to several entities, requiring them to respond to extensive inquiries about their data collection, usage and security practices.  This investigation underscores the need to enforce strict policies regarding the use of P2P file-sharing software.  It also demonstrates once again the FTC's prominent role as America's most aggressive data security enforcer.

FTC Faults Company for Failing to Lock Down Personal Information

LifeLock, Inc., a company that provides identity theft prevention services, and its current CEO have agreed to settle charges by the Federal Trade Commission that it made false or misleading claims about the effectiveness and nature of its service in violation of the FTC Act.  The settlement prohibits LifeLock from further misrepresentation and requires the company to pay $11 million to the FTC for customer refunds and its CEO to pay $10,000.  Separate settlements amounting to $1 million will settle similar charges brought by 35 state attorneys general.  More importantly, the FTC's complaint contains a laundry list of things LifeLock should have done, but didn't, to protect customers' personal information.  This list provides a clear roadmap of the types of security measures that the FTC now appears to consider mandatory for the protection of such information.

Norway Fjords the Encryption Stream

Norway has added another shove to the growing international movement toward requiring encryption of sensitive data.  Earlier this month, Norway's Data Inspectorate issued data security rules mandating encryption of paycheck stubs that are emailed to employees' personal accounts.  (Electronic pay stubs sent to employees' work email addresses do not need to be encrypted, but are subject to other security requirements.)  The rules apply to any employers subject to Norwegian tax laws.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.
