Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FTC sues data broker for unfair sale of sensitive data

    Federal Issues

    On August 29, the FTC announced an action taken against a data broker accused of allegedly selling precise geolocation data from hundreds of millions of mobile devices that can be used to trace individuals’ movements to and from sensitive locations. According to the complaint, the defendant purchases location information from other data brokers and packages it into customized data feeds that match unique mobile device advertising identification numbers with timestamped latitude and longitude locations. These data feeds allow purchasers to identify and track specific mobile device users with no restrictions on usage and puts consumers at significant risk, the FTC claimed, noting that by failing to adequately protect its data from public exposure, consumers may be identified and face substantial injury. Moreover, people are often unaware that their location data is being purchased and shared by the defendant and have no control over its sale or use, the FTC said in its announcement. The complaint alleges the defendant’s unfair sale of sensitive data violates the FTC Act, and seeks a permanent injunction and any additional relief deemed just and proper.

    Federal Issues Privacy, Cyber Risk & Data Security FTC Enforcement Data Brokers FTC Act UDAP Unfair

    Share page with AddThis
  • Dem chairs request info on agency data use

    Privacy, Cyber Risk & Data Security

    On August 16, Chairman of the Committee on the Judiciary Jerrold Nadler (D-NY) and Chairman of the Committee on Homeland Security Bennie Thompson (D-MS) sent a letter to multiple government agency leaders, requesting information on their purchases and use of personal data from data brokers. According to the chairmen, “[c]ompanies participating in the data market acquire user information for package and sale through social media, mobile applications, web hosts, and other sources,” and such products “can include precise details on individuals’ location history, internet activity, and utilities information, to name a few.” The letter further noted that, “improper government acquisition of this data can thwart statutory and constitutional protections designed to protect Americans’ due process rights.” The letter also pointed out that the agencies receiving the letter “have contracts with numerous data brokers, who provide detailed information on millions of Americans.” The chairmen requested a briefing from the agencies, in addition to documents and communications related to contracts the government has had with data brokers, legal analyses on the use of personal data, and parameters and limitations set on the use of the data by the end of August.

    Privacy, Cyber Risk & Data Security Federal Issues Data Collection / Aggregation U.S. House Data Brokers

    Share page with AddThis
  • Nevada updates consumer privacy framework

    State Issues

    On June 2, the Nevada governor signed SB 260, which revises certain provisions under the state’s existing privacy law. Among other things, the act (i) adds “data broker” to the existing privacy framework; (ii) exempts certain persons and information collected about a consumer in the state from requirements imposed on operators, data brokers, and covered information, including consumer reporting agencies, personally identifying information regulated by the FCRA or the federal Driver’s Privacy Protection Act, information collected for the purposes of fraud information, publicly available information, and financial institutions; (iii) prohibits a data broker from selling covered information collected about a consumer in the state if so directed by the consumer, and revises provisions related to the sale of certain covered information about a consumer; (iv) requires data brokers to respond to a consumer’s verified request within 60 days after receipt (a data broker may extend this period by no more than 30 days if an extension is determined to be reasonably necessary); (v) provides data brokers and operators 30 days to remedy violations of the opt-out requirement (provided they have not previously failed to comply with the opt-out requirements); and (vi) updates the definition of “sale” to include “the exchange of covered information for monetary consideration by an operator or data broker to another person.” While existing law already provides the Nevada attorney general with the authority to seek injunctive relief and impose civil penalties of no more than $5,000 per violation, the act extends this authority to cover data brokers. Additionally, the act explicitly does not provide for a private right of action against operators. The act takes effect October 1.

    State Issues State Legislation Privacy/Cyber Risk & Data Security Data Brokers Consumer Protection

    Share page with AddThis
  • Vermont legislation regulates data brokers and provides consumer protections

    Privacy, Cyber Risk & Data Security

    On May 22, a Vermont bill, established to regulate data brokers and provide consumers with protections against companies that collect, analyze, and sell their personal information, was enacted without the governor’s signature. Among other things, H.764: (i) requires data brokers to pay a $100 fee to register annually with the Vermont Secretary of State and publicly disclose information about data collection practices and opt-out policies; (ii) requires companies to implement measures to ensure they have “adequate security standards” to safeguard against data breaches; (iii) prohibits the “acquisition of personal information with the intent to commit wrongful acts”; and (iv) prohibits credit reporting agencies from charging consumers fees for the placement, removal, or temporary lift of a security freeze. The credit freeze provisions became effective upon passage. The data broker provisions take effect January 1, 2019.

    Privacy/Cyber Risk & Data Security State Issues State Legislation Data Breach Data Brokers

    Share page with AddThis