FTC Announces Settlement With TJX, Lexis

The FTC agreed to settle charges with discount retailer TJX and data broker Reed Elsevier. The FTC had sued each of the companies for failing to adequately protect the security of consumer data. Both of the FTC's suits were brought under the unfair trade practices theory under Section 5(a) of the Federal Trade Commission Act, 15 U.S.C § 45(a). The TJX Complaint is available here; the Reed Elsevier Complaint is available here.

Patient Data Exposed Online

Today's Baltimore Sun reports on an incident involving Dental Network, a CareFirst BlueCross BlueShield dental HMO, in which the company accidentally exposed personal information, including Social Security numbers, of about 75,000 members on a public website. A Maryland Law (SB 194) enacted last year requires that businesses notify consumers of a breach of their personal information "as soon as reasonably practicable after the business discovers or is notified of the breach." In this case, it took 3 weeks before CareFirst notified customers of the breach.

Goal Financial Settles Charges Of Failing To Safeguard Sensitive Information

Student loan company Goal Financial LLC has agreed to settle with the FTC over charges that it failed to adequately safeguard sensitive customer information. The FTC's Complaint alleges a number of violations, including violations of the Commission’s Standards for Safeguarding Customer Information Rule, 16 C.F.R. Part 314, and the Commission’s Privacy of Customer Financial Information Rule, 16 C.F.R. Part 313. Also see the Consent Order Agreement.

Identity Theft At Major Financial Institutions

Until recently, there has been no way to compare the relative incidence of identity theft at major financial institutions. Chris Hoofnagle's study "Measuring Identity Theft at Top Banks" uses a novel approach: he compared complaint data from various banks submitted by victims of identity theft, obtained through FOIA requests. The study makes clear that the incidence of identity theft is alarmingly high at our major financial institutions, but that some institutions faired better than others.

More Data Breach Resources

CSOonline has a number of interesting articles on the subject of security breach legislation. First, check out their interactive map of security breach legislation. Also see their articles "What's New With Disclosure Legislation?" (interview with Proskauer Rose attorney Tanya Forsheit) and "The Dos And Don'ts of Disclosure Letters." Finally, see this blog posting on what a federal databreach law would look like.

Anti Cybersquatting Suits Becoming Increasingly Popular

A recent article in the National Law Journal entitled "Suits a new weapon to fight cybersquatters" (subscription) reports that companies are increasingly filing suits under the Anticybersquatting Consumer Protection Act of 1999 (codified at 15 USC 1125(d)) to deal with cybersquatters who profit from their brand names. Traditionally, the preferred route for companies to resolve this type of dispute would have been through arbitration. That method has proved ineffective against increasingly sophisticated cybersquatters. As a results, many companies have begun filing law suits.