Thursday, April 9, 2020

Recent FTC CIDs Focusing Upon Financial Privacy

Must read

Immunity Supplement Marketers Face Heightened Regulatory Scrutiny

Immunity supplements and express or implied COVID-19 prevention, treatment, cure or diagnosis-related representations are squarely within the crosshairs. Without limitation, a lack of competent and reliable scientific evidence with respect to the final product formulation - not just a single/handful of ingredient(s) - could prove disastrous for those hurriedly seeking to bring products to market without first ensuring that lawfully adequate substantiation is possessed prior to dissemination of claims.

Skimlinks and Commission Junction Banned from Amazon Affiliate Program

Amazon banned Commission Junction and Skimlinks from Amazon starting in April from running Amazon's affiliate program. These affiliates will not earn a...

Does Coronavirus Excuse Non-Performance Under a Contract?

The Coronavirus outbreak has raised a number of issues relating to contractual performance obligations. An excuse for non-performance of contractual obligations may...

Ways to Avoid Spam Traps in Email Marketing

New research by Trustwave reveals that 26 per cent of spam is infected with malware. As a result spam filters are getting...
Avatar
Richard B. Newmanhttp://www.hinchnewman.com
Richard B. Newman is an Internet Lawyer at Hinch Newman LLP focusing on advertising law, Internet marketing compliance, regulatory defense and digital media matters. His practice involves conducting legal compliance reviews of advertising campaigns across all media channels, regularly representing clients in high-profile investigative proceedings and enforcement actions brought by the Federal Trade Commission and state attorneys general throughout the country, advertising and marketing litigation, advising on email and telemarketing best practice protocol implementation, counseling on eCommerce guidelines and promotional marketing programs, and negotiating and drafting legal agreements.

An interesting trend has been developing with Federal Trade Commission Civil Investigative Demands (CIDs). Of late, the agency has been focusing on deceptive and unfair trade practices related to consumer privacy and/or data security, including the collection, acquisition, use, disclosure, security, storage, retention and disposition of consumer information by financial institutions and/or their affiliates in violation of Section 5 of the FTC Act. Interestingly, CIDs that seek information regarding the public disclosure of consumers’ personal information and/or violations of the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act are becoming more and more commonplace.

Front and center are privacy policies and procedures, disclosures to non-affiliated third-parties and information security.

The Gramm-Leach-Bliley Act requires “financial institutions” to send consumers annual privacy notices and allow them to opt-out of sharing their information with unaffiliated third parties. It also requires financial institutions to implement reasonable security policies and procedures. While the FTC has brought dozens of cases for violations of the GLB Act since 2015, the uptick in related FTC investigations is palpable.

Financial institutions must comply with the Privacy Rule and the Safeguards Rule. The Privacy Rule requires covered companies to provide notices to consumers that explain their privacy policies and practices.  The Safeguards Rule mandates that financial institutions protect the security, confidentiality, and integrity of customer information by implementing and maintaining a comprehensive written information security program.

A cut-and-paste job will no do.

The program has to include administrative, technical, and physical safeguards appropriate to the business’ size, the nature and scope of its activities, and the sensitivity of the customer information at issue. For example, companies have to conduct an assessment of how customers’ information could be at risk and then implement safeguards to address those risks.

Are you collecting Social Security number, phone number, address, income, marital status, debts, health insurance, bank names, account numbers, etc.? Is such information reasonably vulnerable to attack?

Privacy notices must be properly delivered. Become familiar with model notices. Appropriate authentication procedures should be utilized. Evaluate and adjust data privacy their programs in light of changes to business operations.

The same can be said of FCRA investigations. The Fair Credit Reporting Act sets out rules for companies that use data to determine creditworthiness, insurance eligibility, suitability for employment and to screen tenants. The FTC has brought over 100 FCRA cases against companies for credit-reporting problems, including, but not limited to, inadequate policies and procedures.

In addition to the foregoing privacy and data security-centric investigative matters, the FTC applies is core enforcement resources to protect consumers against misconduct by providers of financial services. From abusive debt collectors to unscrupulous payday lenders, and deceptive student loan debt-relief operators to phony credit-repair services. Lead generators that directly participate in another’s fraud or provide substantial support while ignoring obvious warning signs of another’s illegal activity are increasingly the subject of civil investigations and enforcement actions.

Learn more about recent Federal Trade Commission investigations and enforcement actions by contacting the author at rnewman@hinchnewman.com or by visiting his website at ftcdefenselawyer.com.

Richard B. Newman is an FTC compliance and defense lawyer at Hinch Newman LLP. Follow him on LinkedIn and Facebook.

Attorney advertising.  Informational purposes only.  These materials are not legal advice, nor do they create a lawyer-client relationship. 

- Advertisement -

More articles

What's your opinion?

- Advertisement -

Latest article

Immunity Supplement Marketers Face Heightened Regulatory Scrutiny

Immunity supplements and express or implied COVID-19 prevention, treatment, cure or diagnosis-related representations are squarely within the crosshairs. Without limitation, a lack of competent and reliable scientific evidence with respect to the final product formulation - not just a single/handful of ingredient(s) - could prove disastrous for those hurriedly seeking to bring products to market without first ensuring that lawfully adequate substantiation is possessed prior to dissemination of claims.

Skimlinks and Commission Junction Banned from Amazon Affiliate Program

Amazon banned Commission Junction and Skimlinks from Amazon starting in April from running Amazon's affiliate program. These affiliates will not earn a...

Does Coronavirus Excuse Non-Performance Under a Contract?

The Coronavirus outbreak has raised a number of issues relating to contractual performance obligations. An excuse for non-performance of contractual obligations may...

Ways to Avoid Spam Traps in Email Marketing

New research by Trustwave reveals that 26 per cent of spam is infected with malware. As a result spam filters are getting...

How to do Email Marketing During Coronovirus

During a crisis, your email communication can make or break your business. Even more importantly, it can help, hurt, or confuse people.  You...