The National Academies Press

Currently Skimming:

VI. FEDERAL ENFORCEMENT ACTIVITIES AND OTHER FEDERAL INITIATIVES
Pages 35-40

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 35... ... an elevated body temperature and that policies should be im- Through this authority, the agency has taken many enforcement plemented to ensure that such persons are not unfairly blocked actions to protect privacy in the United States to include cases from travel if their illness does not threaten public health.269 involving failures to implement reasonable data security pracThis principle also notes that pre-travel temperature screening tices or general privacy concerns.274 In 2020, FTC enforcement of passengers should be done in accordance with the protocols focused on privacy and data security cases and targeted social of the relevant health authorities.270 It further instructs that if an media companies, mobile app developers, data brokers, ad tech airport, airline, or other authority271 makes the decision that it industry participants, retailers, and companies operating in the will bar those with temperatures over a certain threshold from internet of things environment. Most often, this process inflying, the policy should be transparent, posted in advance, and volves the initiation of a complaint by the FTC and the responall passengers should be directly notified of the policy before dent company entering into a settlement with a consent order. Read the entire page →
From page 36... ... Inc.282 The initial complaint concerned Facebook's privacy settings and the operation of the "Privacy Wizard." The FTC found that Additionally, deception cases have included allegations of Facebook's practices allowed third parties access to personal failure to provide adequate data security. Those allegations have data about Facebook users. Read the entire page →
From page 37... ... ; Uber take the following measures: • Limits on collection and use of biometric information; • Development of a comprehensive data security program • Stop misrepresentation with respect to data privacy and with obligations for authentication access control and data security measures encryption; and • Establish a privacy program with the following features: • Several measures for enhancing privacy governance o Designated employee(s) responsible for the privacy within Facebook; program o Appointment of an independent board of director- o Identification of privacy risks level committee to address privacy issues; o Design and implementation of control measures o Appointment of a corporate officer responsible for o Reasonable steps to select and retain service providers privacy who can only be removed by majority vote of to implement the program the ne privacy committee; o Establishment of measures to evaluate and adjust the o Regular independent assessments of privacy practices privacy program. Read the entire page →
From page 38... ... Some of Moving to dismiss the FTC Complaint, Wyndham claimed the deficiencies noted by the FTC included: that it did not have sufficient notice that the alleged deficiencies formed the basis of an unfair practice claim under Section 5 of • Absence of a comprehensive security plan; the FTCA. • Absence of measures to identify commonly known or The Third Circuit concluded that the FTC had stated suf- reasonably foreseeable threats; ficient basis to maintain an unfair practice in with respect to • In adequate measures to prevent unnecessary employee Wyndham's data handling practices. Read the entire page →
From page 39... ... Additionally, with a district court entry of a consent decree and a $2.2 million the new orders will seek to raise the issue of data protection to dollar fine.312 the Board and C-Suite level of organizations.308 Review of the FTC guidance and consent orders informs air- e. Additional FTC Privacy Enforcement Activity and ports and airport stakeholders of the measures the FTC views Rulemaking Authority as critical to adequate data security programs. Read the entire page →
From page 40... ... According to the complaint, these failures led to a breach that af fected more than 147 million people, and exposed millions of names has limited rulemaking authority to regulate deceptive and un and dates of birth, Social Security numbers, physical addresses, and fair trade practices under the provision of the Magnuson-Moss other personal information that could lead to identity theft and fraud. Warranty-FTC Improvement Act.322 Thus far, however, the FTC The settlement, which totals between $575 million and $700 million, has declined to exercise that rulemaking authority to address was part of a global resolution where Equifax settled matters with a privacy protections.323 consumer class action, the Consumer Financial Protection Bureau, and 50 states and territories.317 C Read the entire page →

From page 35...

... an elevated body temperature and that policies should be im- Through this authority, the agency has taken many enforcement plemented to ensure that such persons are not unfairly blocked actions to protect privacy in the United States to include cases from travel if their illness does not threaten public health.269 involving failures to implement reasonable data security pracThis principle also notes that pre-travel temperature screening tices or general privacy concerns.274 In 2020, FTC enforcement of passengers should be done in accordance with the protocols focused on privacy and data security cases and targeted social of the relevant health authorities.270 It further instructs that if an media companies, mobile app developers, data brokers, ad tech airport, airline, or other authority271 makes the decision that it industry participants, retailers, and companies operating in the will bar those with temperatures over a certain threshold from internet of things environment. Most often, this process inflying, the policy should be transparent, posted in advance, and volves the initiation of a complaint by the FTC and the responall passengers should be directly notified of the policy before dent company entering into a settlement with a consent order.

Read the entire page →

From page 36...

... Inc.282 The initial complaint concerned Facebook's privacy settings and the operation of the "Privacy Wizard." The FTC found that Additionally, deception cases have included allegations of Facebook's practices allowed third parties access to personal failure to provide adequate data security. Those allegations have data about Facebook users.

Read the entire page →

From page 37...

... ; Uber take the following measures: • Limits on collection and use of biometric information; • Development of a comprehensive data security program • Stop misrepresentation with respect to data privacy and with obligations for authentication access control and data security measures encryption; and • Establish a privacy program with the following features: • Several measures for enhancing privacy governance o Designated employee(s) responsible for the privacy within Facebook; program o Appointment of an independent board of director- o Identification of privacy risks level committee to address privacy issues; o Design and implementation of control measures o Appointment of a corporate officer responsible for o Reasonable steps to select and retain service providers privacy who can only be removed by majority vote of to implement the program the ne privacy committee; o Establishment of measures to evaluate and adjust the o Regular independent assessments of privacy practices privacy program.

Read the entire page →

From page 38...

... Some of Moving to dismiss the FTC Complaint, Wyndham claimed the deficiencies noted by the FTC included: that it did not have sufficient notice that the alleged deficiencies formed the basis of an unfair practice claim under Section 5 of • Absence of a comprehensive security plan; the FTCA. • Absence of measures to identify commonly known or The Third Circuit concluded that the FTC had stated suf- reasonably foreseeable threats; ficient basis to maintain an unfair practice in with respect to • In adequate measures to prevent unnecessary employee Wyndham's data handling practices.

Read the entire page →

From page 39...

... Additionally, with a district court entry of a consent decree and a $2.2 million the new orders will seek to raise the issue of data protection to dollar fine.312 the Board and C-Suite level of organizations.308 Review of the FTC guidance and consent orders informs air- e. Additional FTC Privacy Enforcement Activity and ports and airport stakeholders of the measures the FTC views Rulemaking Authority as critical to adequate data security programs.

Read the entire page →

From page 40...

... According to the complaint, these failures led to a breach that af fected more than 147 million people, and exposed millions of names has limited rulemaking authority to regulate deceptive and un and dates of birth, Social Security numbers, physical addresses, and fair trade practices under the provision of the Magnuson-Moss other personal information that could lead to identity theft and fraud. Warranty-FTC Improvement Act.322 Thus far, however, the FTC The settlement, which totals between $575 million and $700 million, has declined to exercise that rulemaking authority to address was part of a global resolution where Equifax settled matters with a privacy protections.323 consumer class action, the Consumer Financial Protection Bureau, and 50 states and territories.317 C

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

VI. FEDERAL ENFORCEMENT ACTIVITIES AND OTHER FEDERAL INITIATIVES Pages 35-40

VI. FEDERAL ENFORCEMENT ACTIVITIES AND OTHER FEDERAL INITIATIVES
Pages 35-40