Tag Archives: Gramm Leach Bliley Act

FTC Settles Charges of Improper Disposal of Personal Information

Posted on November 8, 2012 by Hunton & Williams LLP

On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint, the FTC maintained that PLS Financial Services, Inc., and The Payday Loan Store of Illinois violated the FTC’s Disposal Rule as well as the Gramm-Leach-Bliley Act’s Privacy Rule and Safeguards Rule by disposing of documents that contained consumers’ Social Security numbers, bank account numbers and credit reports in unsecured dumpsters near the companies’ payday lending and check cashing retail stores. The FTC also alleged that the companies violated the FTC Act by misrepresenting that they would reasonably protect consumer information.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, Illinois, Penalty, Social Security Number, U.S. Federal Law

FTC Finalizes Settlements Relating to P2P Privacy Violations

Posted on November 8, 2012 by Hunton & Williams LLP

On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer (“P2P”) file-sharing software to be installed on the companies’ computer systems. The approved settlements prohibit Georgia auto dealer Franklin’s Budget Car Sales, Inc. (“Franklin”) and Utah-based debt collector EPN, Inc. (“EPN”) from misrepresenting their privacy and information security practices and requires both businesses to establish and maintain a comprehensive information security program subject to biennial, independent, third-party audits for 20 years. The settlement with Franklin also bars the company from violating the Gramm-Leach-Bliley Act (“GLBA”) Safeguards Rule and Privacy Rule.

Continue reading…

Tags: Consumer Protection, Enforcement, Federal Trade Commission, Financial Privacy, Georgia, Gramm Leach Bliley Act, Information Security, Online Privacy, Security Breach, Social Security Number, U.S. Federal Law, Utah

CFPB Indicates Intent to Regulate Service Providers to Financial Institutions

Posted on August 8, 2012 by Hunton & Williams LLP

Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions. Pursuant to Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act and its implementing regulation, Regulation P, the CFPB has authority over certain large banks, credit unions and other consumer financial services companies. The Bulletin notes that the CFPB’s goal is to ensure compliance with “[f]ederal consumer financial law,” which includes the Gramm-Leach-Bliley Act and its implementing regulations, the Privacy Rule and the Safeguards Rule.

Continue reading…

Tags: Consumer Protection, Dodd-Frank Act, Enforcement, Financial Privacy, Gramm Leach Bliley Act, Service Provider

Connecticut Amends State Breach Law Amid Introduction of Federal Breach Notification Legislation

Posted on June 27, 2012 by Hunton & Williams LLP

In recent weeks, both state and federal regulators have considered security breach notification legislation. On June 15, 2012, Connecticut Governor Dannel Malloy signed a budget bill that, among other things, amends the state’s security breach notification law. The changes, which will take effect on October 1, 2012, most notably require businesses to notify the state Attorney General no later than the time when notice of a security breach is provided to state residents. Although the law does not specify when notice must be provided to affected individuals, the law states that such notice must be made “without unreasonable delay,” subject to law enforcement delays and the completion of an investigation by the business to determine the nature and scope of the incident, to identify affected individuals, or to restore the reasonable integrity of the data system. As we previously reported, Vermont also recently amended its breach notification statute to require businesses to notify the state Attorney General within 14 days of discovering a security breach or concurrently when notifying consumers, whichever is sooner.

Continue reading…

Tags: Connecticut, Enforcement, Federal Trade Commission, Gramm Leach Bliley Act, Legislation, Pat Toomey, Penalty, Security Breach, State Attorneys General, U.S. Federal Law, U.S. State Law

FTC Announces Settlements Relating to P2P Data Breaches

Posted on June 14, 2012 by Hunton & Williams LLP

On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses that allegedly exposed customers’ sensitive personal information by allowing peer-to-peer (“P2P”) file-sharing software to be installed on their company computers and networks.

In its complaint against Franklin’s Budget Car Sales (“Franklin”), a Georgia automobile dealership that also provides financing services to its customers, the FTC alleged that Franklin failed to implement reasonable security measures to protect the consumer personal information that Franklin routinely collects in connection with its business. The FTC claimed that personal information of approximately 95,000 customers, including names, Social Security numbers, addresses, dates of birth, and drivers’ license numbers were made available and disclosed by a P2P application installed on a computer that was connected to Franklin’s computer network. In addition to alleging violations of Section 5 of the FTC Act, the FTC also claimed that Franklin violated the Gramm-Leach Bliley Act (“GLB”). This is the first FTC case against an auto dealer involving GLB violations. The FTC stated in its complaint that Franklin failed to implement reasonable security policies and procedures in violation of the GLB Safeguards Rule, and also failed to send consumers annual privacy notices and to provide the required opt-out mechanisms in violation of the GLB Privacy Rule.

Continue reading…

Tags: Consumer Protection, Enforcement, Federal Trade Commission, Georgia, Gramm Leach Bliley Act, International, Online Privacy, Social Security Number, U.S. Federal Law, Utah

Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act

Posted on June 17, 2011 by Hunton & Williams LLP

On June 13, 2011, Representative Mary Bono Mack (R-CA) released a discussion draft of the Secure and Fortify Data Act (the “SAFE Data Act”), which is designed to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.”  Representative Bono Mack is Chairman of the House Subcommittee on Commerce, Manufacturing and Trade.  In a press release, Representative Bono Mack remarked that “E-commerce is a vital and growing part of our economy.  We should take steps to embrace and protect it – and that starts with robust cyber security.”  She added that “consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them.”

Continue reading…

Tags: Consumer Protection, Credit Monitoring, Credit Report, Cybersecurity, Enforcement, Federal Trade Commission, Gramm Leach Bliley Act, HIPAA, Identity Theft, Information Security, Legislation, Online Privacy, Payment Card, Privacy Policy, Security Breach, Social Security Number, State Attorneys General, U.S. Federal Law

Speier Introduces Privacy Legislation Package

Posted on February 11, 2011 by Hunton & Williams LLP

On February 11, 2011, Representative Jackie Speier (D-Calif.) introduced two pieces of legislation that, in her words, “send a clear message—privacy over profit.” The Do Not Track Me Online Act of 2011 (HR 654), would direct the Federal Trade Commission to promulgate regulations that establish standards for a “Do Not Track” mechanism. The regulations also would require covered entities to disclose their information practices to consumers, and to respect consumers’ choices regarding the collection and use of their information. The bill includes a provision that would allow the FTC to exempt from its regulations certain “commonly accepted commercial practices” such as using consumer information to provide and improve products and services, to comply with law, or to carry out basic business functions like accounting, quality assurance or internal auditing.

Continue reading…

Tags: Behavioral Advertising, California, Do Not Track, Enforcement, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, Jackie Speier, Legislation, Online Privacy, U.S. Federal Law

Senator Kerry’s Senior Advisor Provides Key Insight into Forthcoming Privacy Bill

Posted on December 10, 2010 by Hunton & Williams LLP

On December 10, 2010, Senior Advisor to U.S. Senator John Kerry (D-Mass.), Daniel Sepulveda, briefed the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) members on Senator Kerry’s forthcoming privacy legislation.  The bill, which will be introduced next Congress, aims to establish a regulatory framework for the comprehensive protection of individuals’ personal data that authorizes rulemakings by the Federal Trade Commission. Continue reading…

Tags: Accountability, Behavioral Advertising, Centre for Information Policy Leadership, Consumer Protection, Enforcement, Fair Information Practice Principles, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, John Kerry, Legislation, Online Privacy, Personally Identifiable Information, Safe Harbor, U.S. Federal Law

CTFC Proposes New Rules for Consumer Privacy Protection

Posted on October 29, 2010 by Hunton & Williams LLP

On October 27, 2010, the U.S. Commodity Futures Trading Commission (the “CFTC”) issued two notices of proposed rulemaking (“NPRMs”), citing Gramm-Leach-Bliley Act (“GLBA”) privacy rules, and marketing and data disposal rules of the Fair Credit Report Act (“FCRA”).

The proposed rules come in the wake of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which places two new categories of covered entities (i.e., “swap dealers” and “major swap participants”) under the CFTC’s jurisdiction.  Under the proposals, those entities would be subject to certain GLBA privacy rules that regulate the treatment of consumers’ nonpublic personal information, and sections of the FCRA that address affiliate marketing and data disposal.

Continue reading…

Tags: Consumer Protection, Dodd-Frank Act, FCRA, Financial Privacy, Gramm Leach Bliley Act, Marketing

Privacy and Data Security Risks in Cloud Computing

Posted on February 5, 2010 by Hunton & Williams LLP

Cloud computing raises complex legal issues related to privacy and information security.  As legislators and regulators around the world grapple with the privacy and data security implications of cloud computing, companies seeking to implement cloud-based solutions should closely monitor this rapidly evolving legal landscape for developments.  In an article published on February 3, 2010, Lisa Sotto, Bridget Treacy and Melinda McLellan explore U.S. and EU legal requirements applicable to data stored by cloud providers, and highlight some of the risks associated with the use of cloud computing.

Tags: Bridget Treacy, Cloud Computing, Data Transfer, European Union, Gramm Leach Bliley Act, Health Privacy, HIPAA, HITECH Act, Information Security, International, Lisa Sotto, Melinda McLellan, Online Privacy, Security Breach, U.S. State Law, Workplace Privacy