Prosecuting Deceptive Privacy Practices, FTC Weights in on Security, Cybersecurity and Event Planning

Here are this week’s suggestions for summertime weekend reading resources!

  • Using Consumer Protection Statutes to Protect Privacy: Most Canadian provincial consumer protection statutes prohibit false, misleading or deceptive representations (see e.g. s. 14 -17) of the Ontario Consumer Protection Act). If the product or services involve the collection and use of personal information, these provisions could theoretically apply to representations about the company’s personal information handling practices.  A deceptive practice could be prosecuted as a provincial offence. Fines for companies could be up to $250,000. Individual remedies are limited to rescission or damages (including exemplary damages). In the United States, several states have now expressly included misstatements regarding privacy practices in their consumer protection laws, signalling that State Attorney Generals are serious about prosecuting deceptive privacy practices as a consumer protection issue. Baker Hostettler has an interesting comparison of three state laws that you can access here.
  • FTC Provides Guidance on Security: The FTC has been criticized for failing to provide fair warning of what it expects companies to do to protect and secure consumer data. Clearly, the FTC has listened to businesses and is publishing a series of blog posts to describe lessens learned in its investigations and enforcement actions. Read the July 21 post “Stick with Security” here. Upcoming posts can be found here.
  • Cybersecurity, Conferences, Event Planning: Cybersecurity should be on the list of considerations for corporate event planning. I’ve written a short article for my upcoming presentation at IncentiveWorks 2017 conference in August. You can read it here.