Menu

Tag: Data Security

Jun 7, 2018

Is Inadequate Data Security an Unfair Trade Practice?

Doctor's Office: Inadequate Data Security?

In LabMD, Inc. v. Federal Trade Commission, Case No. 16-16270 (decided June 6, 2018) the United States Court of Appeals for the Eleventh Circuit addressed the enforcement of an FTC order finding that a business’s allegedly inadequate data security practices were unfair trade practices under Section 5(a) of the Federal Trade Commission Act. LabMD operated a medical laboratory that conducted diagnostic testing for cancer. Contrary to LabMD policy, an employee installed on a company computer a file-sharing application. That application allowed an outside party to download a file that contained the personal information of thousands of customers. The FTC initiated… Read more

Apr 13, 2015

Canada’s CRTC Levies Fines in Two Email Spam Actions

On July 1, 2014, Canada’s anti-spam legislation (commonly referred to as CASL) came into effect with a focus on uninvited commercial electronic messages (CEMs), including commercial-related emails.  While aspects of the Canadian law are similar to the U.S. CAN-SPAM Act, which sets forth specific compliance requirements for unsolicited commercial email messages sent within the U.S., CASL is arguably stricter in that it requires affirmative consent by the recipient. The Canadian Radio-Television and Telecommunications Commission (CRTC) has lost no time in enforcing the new CASL requirements. On March 5, 2015, the CRTC announced a Notice of Violation along with a proposed… Read more

Apr 9, 2015

FCC Steps Up Data Enforcement Role With $25 Million Fine

The Federal Communications Commission (FCC) announced yesterday that it has entered into a settlement with AT&T Services, Inc. as a result of the FCC’s investigation of a series of data breaches during 2013 and 2014 at AT&T call centers in Mexico, Colombia, and the Philippines. As part of the settlement, AT&T must pay a $25 million civil money penalty — the largest data enforcement ever imposed by the FCC for data privacy and security concerns — provide data breach notification to affected customers and offer those customers credit monitoring services. The data breaches involved over 40 employees who stole sensitive… Read more