The FTC recently settled with the mobile phone
company BLU Products, Inc., over allegations that the company was
letting one of its vendors pull extensive and detailed personal
information off of users' phones. According to the FTC, BLU
phones were pre-loaded with firmware updating tools made by ADUPS
Technology. ADUPS, through its software, was then able to gain full
administrative control of phones, according to the FTC complaint. Indeed, the FTC
alleged that the software transmitted to ADUPS, without users'
knowledge, full content of text messages, real-time cell tower
location data, contact lists, call logs, and lists of applications
installed on phones. This became public in November 2016, and BLU
assured consumers on its website that these "unexpected"
data collection practices had stopped. According to the FTC,
though, older devices still had this software.
The FTC alleged that BLU had engaged in deceptive practices,
since its privacy policy said third parties had "access to
personal information needed to perform their services or functions,
but may not use it for other purposes." Instead, the FTC
stated, ADUPS had access to more information than needed to perform
their services. The FTC also found that BLU had been deceptive in
stating that it had "appropriate physical, electronic, and
managerial security procedures." As part of the
settlement, BLU has agreed to implement and maintain a
comprehensive security program and have assessments conducted every
two years (for 20 years) by an external party that is qualified as
a Certified Secure Software Lifecycle Professional. BLU also
agreed to obtain informed express consent from consumers to have
their information shared with third parties. The settlement did not
include payment of civil penalties.
The settlement outlines the type of security program the FTC may
expect companies to have, and contains seven elements. Namely, (1)
having an employee (or employees) in charge of the program, (2)
identifying risks that could result in unauthorized access or
modification of devices, (3) identification of risks that could
result in unauthorized access of personal information, (4)
reasonable safeguards to control identified risks, (5) monitoring
of the effectiveness of risks, (6) developing steps to make sure
service providers are retained that can safeguard personal
information, and (7) evaluating and adjusting the program in light
of changes to business operations or that come out of issues
identified in steps five or six.
Putting it into Practice: This settlement provides a
useful roadmap of FTC expectations regarding security. Although
specific to a mobile device manufacturer, those in related
industries may also want to review their current information
security program against the seven-step model outlined by the FTC
in this settlement.