Insights on Advertising Law,compliance

Boris Segalis, compliance, FACTA, FCRA, FTC, Red Flags

Appeals Court Considers Applicability of the Red Flags Rule to Attorneys

By InfoLawGroup LLP on November 16, 2010

Several news outlets are reporting today on the November 15, 2010 argument before the U.S. Court of Appeals for the D.C. Circuit on the applicability of the Federal Trade Commission's Identity Theft Red Flags Rule.The relevant part of the Rule implements Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) and requires certain creditors to develop and maintain an identity theft prevention program designed to detect, prevent and mitigate fraud attempted or committed through identity theft. The FTC has taken the position that attorneys and law firms are within the scope of the Rule's definition of "creditor" to the extent they allow clients to pay for legal services after the services are preformed. The ABA successfully challenged the applicability of the Rule to attorneys before the D.C. District Court. The FTC appealed that ruling.

compliance, Federal Trade Commission, FTC, guidance, information management, information security, privacy

FTC Launches Privacy Portal

By InfoLawGroup LLP on November 05, 2010

Today, the Federal Trade Commission announced the launch of a business center portal to help businesses understand and comply with privacy and information security requirements that the FTC enforces. The new portal provides centralized access to the FTC's privacy and information security regulations, enforcement actions and guides. The main portal also offers information about compliance with advertising, credit, telemarketing and myriad other requirements. A series of short videos explain what businesses need to know to comply, and the business center blog offers latest compliance tips and information.

compliance, Congress, deadline, extension, FTC, Red Flags Rule

BREAKING NEWS: FTC Extends Compliance Deadline for Red Flags Rule AGAIN to December 31, 2010

By InfoLawGroup LLP on May 28, 2010

In the last hour, the news broke that the FTC has again extended the compliance deadline for the FACTA Red Flags Rule, this time to December 31, 2010, "[a]t the request of several Members of Congress." The FTC's press release of this morning is here. This is the fifth time the FTC has extended the enforcement deadline. As usual, the FTC's extension does not affect "other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight."

compliance, contracting, contracts, privacy, risk management, Security

Contracting for Cloud Computing Services

By InfoLawGroup LLP on May 18, 2010

Nearly every day, businesses are entering into arrangements to save the enterprise what appear tobe significant sums on information technology infrastructure by placing corporate data ''in the cloud.'' Win-win, right? Not so fast. If it seems too good to be true, it probably is. Many of these deals are negotiated quickly, or not negotiated at all, due to the perceived cost savings. Indeed, many are closed not in a conference room with signature blocks, ceremony, and champagne, but in a basement office with the click of a mouse. Unfortunately, with that single click, organizations may be putting the security of their sensitive data (personal information, trade secrets, intellectual property, and more) at risk, and may be overlooking critical compliance requirements of privacy and data security law (not to mention additional regulations). My article "Contracting for Cloud Computing Services: Privacy and Data Security Considerations," published this week in BNA's Privacy & Security Law Report, explores a number of contractual provisions that organizations should consider in purchasing cloud services. You can read the full article here, reprinted with the permission of BNA.

compliance, contract management, data protection, data security, information governance, information security, management, pia, privacy, privacy audit, privacy governance, privacy impact assessment, procurement, risk management, security governance, standards

Information Governance

By W. Scott Blackmer on May 06, 2010

Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.