News

FTC Settles Safe Harbor Enforcement Actions with Six Companies

21 October 2009
Image
Image

In its first wave of Safe Harbor enforcement actions, the Federal Trade Commission announced settlements on October 6th with 6 companies over misrepresentations that they are current with their Safe Harbor certifications.  In each case, the company had self-certified its compliance with the Safe Harbor Program through the Department of Commerce, but did not keep its annual certification current, while still representing that it was a valid member of the Safe Harbor Program.

The FTC brought the enforcement actions under its Section 5 authority, alleging that the companies’ misrepresentations are deceptive.  The scope of the FTC’s actions is limited to the companies’ lapsed certification and did not address whether the companies were compliant with the substantive requirements of the Safe Harbor Program.

The proposed settlement agreements, open for public comment until November 5th, prohibits each company from making representations about its membership in any privacy, security, or any other compliance program sponsored by the government or any other third party.  In addition the proposed terms require each company to comply with reporting and compliance obligations, including the retention of documents relating to its compliance with the order for 5 years and initial compliance reports to the FTC.

The key take-away from these actions is that the FTC is going to be more pro-active in its scrutiny of members of the Safe Harbor Program.  We anticipate more enforcement actions under Section 5 based on misrepresentations about compliance with Safe Harbor obligations, and likely further actions against companies with lapsed certifications.

The FTC complaints, proposed settlements and related documents are available at http://ftc.gov/opa/2009/10/safeharbor.shtm.

 

Authored by the HL Chronicle of Data Protection

Contacts

bio-image

Bret S. Cohen

Partner

location Washington, D.C.

View more

Related topics

Related countries

Related keywords

Load more

Articles you may be interested in

image_1
News

The Data Chronicles | Data protection in the Asia Pacific region | Trends, enforcement, and what’s ahead

17 April 2025
image_1
News

NIST finalizes cybersecurity incident response framework profile aligned with CSF 2.0

14 April 2025
image_1
News

The Data Chronicles | AI issue spotting | AI's growing impact on U.S. antitrust regulation

10 April 2025
image_1
Insights and Analysis

End-to-end encryption: obstacle or pillar of national security?

07 April 2025
image_1
News

The Data Chronicles | AI issue spotting | AI agents' data privacy and governance considerations

03 April 2025
image_1
News

Latombe Case: First hearing for annulment of the EU-U.S. Data Privacy Framework

02 April 2025
image_1
News

Connected vehicles: CNIL’s consultation promotes driver’s consent over fraud and car theft

01 April 2025
image_1
News

Streamlined BCR approval: Understanding the EDPB's updated procedure

31 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | What it means for connected products and related services

27 March 2025
left_arrow
right_arrow

View more insights and analysis

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
See benefits
Register