Federal Trade Commission (FTC)

Lyft recently confirmed that it is investigating whether its employees were accessing its customer database without appropriate authorization to obtain personal information, including rides taken by Facebook CEO Mark Zuckerberg. The investigation was announced less than six months after Uber entered into a Federal Trade Commission (FTC) consent order to resolve allegations of similar behavior by its own employees.

The investigation demonstrates the importance of revisiting internal compliance measures in the wake of legal developments that may be relevant to a particular company or industry. Companies need to maintain comprehensive privacy programs to ensure the confidentiality of the personal information that they collect.  Such programs should include, at a minimum: Continue Reading Lyft Employees Demonstrate Need for Privacy Compliance Management

2018 is shaping up to be a potentially momentous year for data privacy, with a number of pending cases whose impact could fundamentally alter the scope of future privacy lawsuits and criminal investigations. This post will take a look at some of these cases and their potential impact.

Carpenter v. United States

We’ll start with Carpenter, which is pending in the U.S. Supreme Court and focuses on whether the Fourth Amendment requires the government to secure a search warrant to obtain a criminal defendant’s cell phone records from his or her cellular service provider. Continue Reading Data Privacy Cases to Watch in 2018

The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television manufacturer), Blue Global (lead generator), Upromise (college rewards program), ACDI Group (an alleged debt buyer), TaxSlayer (tax preparation service), and D-Link (wireless routers and Internet cameras). In addition, the FTC also brought its first actions to enforce the EU-US Privacy Shield in 2017. The FTC report also described its activities relating to international enforcement, children’s privacy, and Do-Not-Call. Continue Reading FTC Releases Annual Privacy and Data Security Update