FTC Releases 2023 Privacy and Data Security Update

On March 28, the Federal Trade Commission (FTC) released a Privacy and Data Security Update, highlighting the FTC’s activities in recent years through December 2023. The FTC underscored its work on issues related to artificial intelligence (AI), health data, geolocation tracking, children and teens’ data, data security, credit reporting and financial privacy, as well as spam calls and emails. In the update, the FTC noted its consistent call on Congress to restore its ability under Section 13(b) of the FTC Act to seek monetary relief, including consumer refunds, in federal court, and to pass comprehensive privacy legislation.

FTC Releases 2023 Privacy and Data Security Update | Troutman Pepper

?

Artificial Intelligence.

The FTC has brought several enforcement actions, alleging that companies violated the FTC Act or other laws in connection with their collection, retention, or use of consumers’ personal information to develop or deploy machine learning or similar algorithms.

The FTC has also sought to ensure that unlawfully obtained or retained data cannot be used to develop algorithms or for machine learning.

More on AI...

Health Data.

Recent FTC orders have imposed strong injunctive relief, requiring health-related businesses to: (a) stop sharing health information with third parties for advertising purposes, (b) obtain affirmative express consent for other disclosures of health data, (c) instruct third parties to delete improperly disclosed data, (d) provide notice to consumers about illegal third-party disclosures, and (e) establish privacy or data security programs without independent assessments.

In addition, recent FTC orders have included civil penalties under the Health Breach Notification Rule. Last year, the FTC brought an action against a telehealth and drug discount provider for sharing users’ information …..

Geolocation Tracking.

FTC has focused on preventing harm to consumers that can result from exposure of highly sensitive information about an individual’s location, such as their visits to cancer treatment or reproductive clinics, places of worship, or domestic violence shelters.

Children and Teen’s Data.

FTC has brought 42 Children’s Online Privacy Protection Act (COPPA) cases and collected more than $532 million in civil penalties since 2000.

The FTC is continuing in its efforts to update the COPPA Rule to address the evolving methods of collecting, using, and disclosing personal information from children, including those in their ,,,,

Data Security.

FTC has brought 89 enforcement actions against companies alleging inadequate protection of consumers’ personal data.

The FTC noted that it is imposing stronger terms in its data security cases. For example, the update listed new terms in settlements such as requiring the company to implement a comprehensive security program, to obtain robust third-party biennial assessments of the program, and to submit annual certifications by a senior officer about the company’s compliance with the order.

Credit Reporting and Financial Privacy.

?

The FTC has brought 117 cases against companies for violating the Fair Credit Reporting Act (FCRA) and has obtained more than $137 million in civil penalties. According to the FTC, these cases have helped ensure that consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information.

FTC has brought about 35 cases alleging violations of the Gramm-Leach-Bliley Act (GLB). The GLB ….

Spam Calls and Email.

In 2003, the FTC amended the Telemarketing Sales Rule to create a national Do Not Call Registry. Since that time, the FTC has brought 167 cases enforcing Do Not Call provisions against telemarketers.

The Telemarketing Sales Rule was recently amended to cover misrepresentations made in business-to-business calls, …..

full article on t.ly/EiKnV

#FTC #SPAM #healthcare #privacy #geolocation #AI #healthrecords #fintech #creditrepoting