Yesterday, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, announced the following three major improvements that have been made to FTC orders in data security cases:

  1. Specificity: To counter past criticisms that FTC orders to implement comprehensive information security programs were too vague, FTC orders will now require specific security safeguards that address

I am pleased to announce that Kim Phan, an attorney noted for her work on privacy and data security issues for a variety of industries, including consumer financial services, retail, and higher education, has returned to Ballard Spahr as a partner after a short absence.  She will be based in the firm’s Washington, D.C. office.

Arizona Governor Doug Ducey signed HB 2154 into law on April 11, 2018, amending and strengthening the state’s data breach notification law. Notably, the amended law significantly expands the definition of “personal information” to include a number of new data elements, including online account credentials, certain health information, and biometric data used to authenticate an

The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television

Last week, the Federal Trade Commission (FTC) Bureau of Consumer Protection’s Acting Director, Thomas Pahl, posted on the FTC’s Business Blog about the FTC’s role as the federal agency with the “broadest jurisdiction” to pursue privacy and data security issues. Pahl noted that for over twenty years the FTC has used its authority, “thoughtfully and

On September 29th, the Office of the Inspector General (OIG) that oversees the CFPB released a memorandum detailing the major management challenges facing the CFPB.  The memo identified four areas of improvement that, unless addressed, would otherwise hamper the CFPB’s ability to accomplish its strategic objectives:

  • Ensuring an Effective Information Security Program
  • Ensuring Comprehensive Policies