Sharon Kim Schiavetti

Subscribe to all posts by Sharon Kim Schiavetti

Colorado Reaches New High with Strict Data Breach Notification Law

On May 29, Colorado Governor John Hickenlooper signed into law HB18-1128 to strengthen data breach notification requirements for companies and government entities collecting and maintaining personal information from Colorado residents. Effective September 1, covered entities will be required to notify individuals within 30 days of discovery of a security breach, unless the entity is notified … Continue Reading

GDPR SIDEBAR: Should You Be Complying with the New Data Protection Law?

You’ve probably heard of the dreaded four-letter word – GDPR.  Companies around the globe had been preparing for the May 25th implementation date for quite some time.  But U.S.-based companies with no apparent EU presence may not have thought twice about whether the data protection law across the pond even applies to them.  Let’s face … Continue Reading

Government-Mandated Health Warnings in Sweetened Beverage Advertising Found Likely to Chill Protected Free Speech

On September 20, the Ninth Circuit blocked the City and County of San Francisco from implementing an ordinance that would have required health warnings on advertisements for beverages that contain one or more added sweeteners and more than 24 calories per 12 fluid ounces of beverage. The Ninth Circuit’s panel opinion, in reversing a district … Continue Reading

FTC Settles With Lead Generation Firm For Illegally Selling Consumer Data, False Data Security Promises

The FTC announced last week a settlement with Blue Global Media, LLC  and its CEO Christopher Kay.  The company operated 38 Internet domains that solicited online loan applications from consumers.  The applications collected extensive sensitive personal information, including social security numbers, bank routing numbers, credit scores, and incomes. The company represented to consumers it would … Continue Reading

CPSC Acting Chairman Ann Marie Buerkle Emphasizes Collaboration, Balance, and Education

Acting Chairman of the Consumer Product Safety Commission (“CPSC”) Ann Marie Buerkle highlighted her priorities and recent noteworthy developments in a recent newsletter.  She emphasized her desire to collaborate with stakeholders, to take a “balanced and reasonable approach” to regulation when data justifies rulemaking, and to use information campaigns to educate consumers and industry. She shared … Continue Reading

Chairman Kaye Steps Down as CPSC Chair; Republican Buerkle Assumes Role of Acting Chair

Late Wednesday evening, Democrat Elliot Kaye resigned as chair of the Consumer Product Safety Commission.  Republican Commissioner Ann Marie Buerkle has assumed the position of Acting Chair until a new chair is appointed by the President and confirmed by the Senate.  Kaye will remain on the CPSC as a commissioner, with a term set to … Continue Reading

CPSC Commissioner Ann Marie Buerkle Elected Vice Chair; CPSC under Regulatory Freeze

On January 19, 2017, Commissioners at the Consumer Product Safety Commission elected Commissioner Ann Marie Buerkle to be the next vice chair.  Commissioner Buerkle was appointed to the agency by President Obama in May 2013 with a term expiring in October 2018.   As vice chair, Buerkle would become acting CPSC chair if that position is … Continue Reading

Homeland Security Issues IoT Guidance for Businesses

The Department of Homeland Security (DHS) has published non-binding principles and best practices to help businesses work through key Internet-of-Things (IoT) security issues.   Entitled “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0,” the principles seek to provide stakeholders with tools to account for security as they develop, manufacture, implement, or use network-connected … Continue Reading

CPSC Issues Guidance to Encourage the Disclosure of Relevant Consumer Product Safety Information in Private Litigation

On November 29, 2016, the Consumer Product Safety Commission (CPSC) published guidance for private litigants when drafting protective orders, confidentiality agreements, and settlement agreements in litigation related to consumer products within the CPSC’s jurisdiction.  The guidance encourages parties to include a provision in their protective order or settlement agreement that allows for disclosure of relevant … Continue Reading

Do You Venmo? FTC Spotlight on Peer-to-Peer Payments and Crowdfunding

The FTC recently examined peer-to-peer (P2P) payment systems and crowdfunding in the second forum of its FinTech series.  P2P payment systems are online services that allow consumers to share money electronically.  These platforms enable the immediate transfer of money between consumers, typically for free or for a small fee.  In the panel discussion of P2P … Continue Reading

Connected Toys, Augmented Reality as the Next Big (Io)Thing

There has been an uptick in congressional inquiries regarding privacy concerns in the IoT space.  And most recently in the gaming world of augmented reality.  On Tuesday, Senator Al Franken (D-Minn.) initiated a congressional investigation into Niantic, Inc., maker of the Pokémon Go app that has taken the world by storm.  The app uses a smartphone’s … Continue Reading

CFPB’s First Data Security Action; Fines Online Platform Dwolla for Alleged Weak Security Practices

On March 2, the CFPB settled its first data security enforcement action against Iowa-based Dwolla Inc.  Launched as a startup in 2009, Dwolla is an online payment platform that enables customers to transfer money directly to/from their bank accounts.  Since its inception, Dwolla had been collecting customers’ sensitive personal information, including their name, address, date … Continue Reading

The Regulatory Landscape for Indirect Auto Lenders After Ally

In December 2013, the Consumer Financial Protection Bureau (CFPB) announced its first settlement in the indirect auto lending industry. The target company was Ally Financial Inc. and Ally Bank (Ally). The CFPB alleged that Ally had engaged in discriminatory pricing by charging minority consumers higher dealer markups for their auto loans. Ally was ordered to … Continue Reading

FTC as Data Security Cop Affirmed

The U.S. Court of Appeals for the Third Circuit this week affirmed the authority of the Federal Trade Commission (“FTC” or “Commission”) to enforce against companies that lack reasonable cybersecurity practices.  Prior to this ruling, no federal court had adjudicated whether the FTC had authority under 15 U.S.C. § 45(a) (“Section 45(a)”) of the Federal … Continue Reading

Reauthorization of MOU Between CFPB and FTC Promotes Regulatory “Harmony”

The Federal Trade Commission (“FTC”) and the Consumer Financial Protection Bureau (“CFPB”) announced on March 12 the reauthorization of the Memorandum of Understanding (“MOU”) entered into by the two agencies on January 20, 2012.  As in the original, the new MOU addresses coordinated efforts in the areas of law enforcement, rulemaking and guidelines, research, consumer … Continue Reading

NY AG Settlement with Three Largest National Credit Reporting Agencies Promises Critical Reform to Credit Reporting Industry

On March 9, 2015, New York Attorney General Eric Schneiderman announced its settlement with the nation’s three largest national credit reporting agencies (“CRAs”): Experian, Equifax, and TransUnion.  This announcement underscores the recent heightened state and federal regulatory scrutiny in this area, and likely is the first of a wave of broad consumer-facing reforms to the … Continue Reading

CPSC Tags Retailer With $2M Civil Penalty and Enhanced Compliance Program for Allegedly Distributing Recalled Products

Retailer superstore Meijer Inc. is on the hook for allegedly distributing recalled consumer products. In a press release dated September 17, 2014, the Consumer Product Safety Commission (“CPSC”) announced the hypermarket operating 24-hour stores and gas stations in various Midwestern states has agreed to settle charges that it knowingly sold and distributed recalled consumer products. … Continue Reading

FTC Seeks Further Comments on the State of Mobile Security

Following last June’s forum on mobile security, the Federal Trade Commission (“FTC”) again seeks to draw public attention to security issues in the mobile space.  The FTC is soliciting comments from the public on a number of complex security issues discussed at the forum, including current privacy and data security risks in the mobile ecosystem, … Continue Reading

New Virginia Law Prohibits the Release of Employees’ PII

Virginia has passed legislation to prohibit the disclosure of employees’ "personal identifying information" (PII). Effective July 1, 2013, the new law makes it unlawful for an employer to release to a third party any current or former employee’s PII, defined in the following limited way: "home or mobile telephone numbers, email address, shift times, or … Continue Reading

House Passes H.R. 624,Cyber Intelligence Sharing and Protection Act; Obama Administration Responds

Last week, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) (H.R. 624), introduced on February 13, 2013 by House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD). Passage of the bill occurred shortly after the White House threatened to veto CISPA in its current form, … Continue Reading

Senate Confirms Obama Administration Nominee Joshua D. Wright as New Republican FTC Commissioner

Yesterday, the Senate unanimously confirmed Joshua D. Wright to replace J. Thomas Rosch as a Republican commissioner of the Federal Trade Commission (FTC). According to various sources, Wright is widely regarded as the top antitrust scholar of his generation. He is the author of more than 50 scholarly articles and book chapters and co-editor of … Continue Reading

The Future of Privacy Forum Announces First Privacy Seal Program for Energy Usage Data

On October 1, 2012, Washington-based think tank the Future of Privacy Forum (FPF) announced the first privacy seal program for companies processing consumer energy usage data (CEUD) made available through smart meters. The seal will be powered by TRUSTe, a data privacy management company. To create the program, FPF and TRUSTe worked with a number … Continue Reading

The CFPB’s Enforcement Strategy Gleaned From Consumer Complaint Analytics

On August 2, 2012, the Consumer Financial Protection Bureau (CFPB) issued its second Semi-Annual Report to Congress. The report provides an update on the CFPB’s activities since its first report in January 2012 as required under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Many of the agency’s initiatives have been previously discussed, such … Continue Reading

CFPB Defines “Larger Participants” of the Consumer Reporting Market

On July 16, 2012, the Consumer Financial Protection Bureau (CFPB) issued a final rule granting it supervisory authority over leading credit reporting agencies. Those firms newly subject to the CFPB’s oversight include the big three consumer reporting agencies, Equifax, Experian, and TransUnion, as well as nonbank entities engaging in consumer reporting activities with more than $7 … Continue Reading
LexBlog