Chapter 3: Regulatory Enforcement Flashcards
Agency that handles unfair and deceptive trade practices
FTC
Consent decree
Formal, legally binding agreement between the government and a company specifying how the company will behave going forward (typically without an admission of guilt)
FTC complaint process
Investigation
Complaint
Resolution (settlement/consent order) or administrative law judge hearing, with appeal to the full Commission
Federal court appeal
Factors in determining unfair practices (1964 Cigarette Rule)
Injures consumer
Violates public policy
Unethical or unscrupulous
Criteria for determining unfair practices (three-part test, codified in FTC Act Section 5(n))
Substantial injury
Injury not outweighed by benefits
Injury must not be reasonably avoidable by consumers
FTC vs. Wyndham Worldwide
Privacy policy promised reasonable security that the company did not actually implement; the Third Circuit (2015) upheld the FTC's authority to treat poor data security as an unfair practice
FTC vs. LabMD
2016
Insufficient cybersecurity practices charged as unfair (the FTC's order was later vacated by the Eleventh Circuit in 2018 as too vague)
FTC vs. LifeLock
2010
Deceptive advertising
Also must implement stronger security controls
First LifeLock fine
$12 million
Second Lifelock fine
2015 (for violating the 2010 order)
$100 Million
FTC vs. DesignerWare
2012
Rent-to-own computers shipped with spyware and a keystroke logger
Order to stop using monitoring software on consumers' computers
Deceptive practices
Representation or omission likely to mislead consumers
Judged from the perspective of a reasonable consumer
The practice is material (affects the consumer's decision)
Geocities deceptive practices
Sold customer info after saying they wouldn’t
Eli Lilly deceptive practices
Collected patient info through a prescription reminder service, then sent an email that exposed every subscriber's address to all other subscribers
Nomi deceptive practices
Used in-store sensors to track customers' mobile devices while promising an in-store opt-out that did not exist
Snapchat deceptive practices
Told customers that messages and pictures disappeared forever but knew there were workarounds
TRUSTe deceptive practices
Provides certifications of privacy practices. Failed to perform the annual recertifications it claimed to perform.
Facebook 2012 deceptive practices
Shared users' information with 3rd party developers beyond what users' privacy settings allowed
Facebook 2019 fine
$5 billion
Zoom deceptive practices
Claimed end-to-end encryption for meetings, but did not actually provide it
FCC
Responsible for communications
CPNI
Customer Proprietary Network Information
2014 Verizon FCC enforcement
Used CPNI for marketing without providing required notice and opt-out
$7.4 Million settlement
TerraCom and YourTel America FCC enforcement
Stored customer info on unprotected, publicly accessible internet servers
Department of Commerce
Handles international privacy agreements
HHS
Implements and enforces HIPAA (through the Office for Civil Rights)
HHS Lifespan case
$1 million fine for stolen unencrypted laptop with PHI
HHS Jackson Health System fine
$2.15 million for multiple incidents with lost, sold, and leaked patient info
HHS case against a doctor
$100,000 for violating the HIPAA Security Rule (failure to conduct a risk analysis)
CFPB
Lead federal agency for consumer financial protection
GST Factoring CFPB enforcement
$25,000 for illegal telemarketing
Equifax CFPB fine
$575 million (joint FTC, CFPB, and state settlement) for the 2017 breach exposing records of 147M people
Which agency enforces FERPA
Department of Education
Self-regulation programs
Groups of companies enforce their own standards
PCI DSS
Self-regulation
Security of payment card data
NAI
Network Advertising Initiative
Self-regulation focused on digital marketing
NAI publishes…
A code of conduct
NAI code of conduct contains
Privacy practices
Opt-out mechanisms
Security procedures
Where does NAI refer violators?
FTC
Trust marks
Symbols demonstrating independent 3rd party review of privacy standards
Safe harbor agreements
Organizations are exempt from liability under certain laws if they meet the agreement's requirements
Privacy Shield
Between the US and EU allowing personal data transfers to firms that comply with the Privacy Shield principles.
Orgs must self-certify with Privacy Shield through the Department of Commerce.
Invalidated in 2020 by the Schrems II decision of the Court of Justice of the EU