Tsibouris & Associates Home | Practice Areas | Attorneys | Contact | Publications | Clients | Blog Home

Thursday, January 23, 2014

US-EU Safe Harbor: FTC Proposed Consent Orders with 12 companies for false claims.

Yesterday the FTC announced proposed consent orders with twelve companies that falsely claimed compliance with the Safe Harbor framework.  Interestingly it involved a broad range of companies, including collection agencies and NFL teams(!):
The companies were previously certified, but allowed their certifications to lapse. However, their privacy statements continued to claim they were in compliance, which in turn is a violation of Section 5 of the FTC Act. The FTC did not assert data violations per se, but focused only upon disclosure violations. EU data protection authorities have complained for some time that companies either do not due adequate due diligence of their own practices behind their certifications or let their certifications lapse with impunity.

The moral of the story? Make privacy review and recertification an annual event!

Also, the settlement allows for interested persons to provide public comments on the proposed consent orders through February 20, 2014 before making the consent orders final. We recommend our clients follow this process because it should be enlightening. We will continue to post on the status of this...  Stay tuned!