FTC Investigation and Enforcement Trends by Richard B. Newman, April 8, 2018 Privacy and data security-related issues remain a hot-button subject and the parameters are still being defined by the FTC, as well as courts. Recently, the FTC has challenged alleged inadequate data security measures on the basis that they constitute “unfair business practices.” The FTC Act defines unfair business practices as practices that cause or are likely to cause “substantial injury” to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition. The FTC v. D-Link Corporation matter (N. District of California) is noteworthy. Here, the FTC alleged that the defendant misrepresented the level of data security associated with its devices and that it failed to take reasonable steps to protect consumers’ personal information from hackers. D-Link sought dismissal of the Commission’s “unfairness” claim on the basis that there was no concrete consumer harm. The court agreed, holding that the FTC failed to identify an incident in which a consumer’s sensitive personal information had been accessed or misused, stating, “[i]f the FTC had tied the unfairness claim to the representations underlying the deception claims, it might have had a more colorable injury element. A consumer’s purchase of a device that fails to be reasonably secure – let alone as secure as advertised – would likely be in the ballpark of a ‘substantial injury,’ particularly when aggregated across a large group of consumers. But the FTC pursued a different and ultimately untenable track.” Companies with data security practices that do not live up to the promises they make to consumers via marketing materials or privacy policies, are at risk. For example, early this year a children’s technology company – VTech Electronics – settled FTC charges that it failed to abide by the terms of its privacy policy and violated the Children’s Online Privacy Protection Act for failure to acquire verifiable parental consent regarding its data collection practices. Regarding the former, according to the FTC, the company’s privacy policy misrepresented that it encrypted all transmitted registration data that contained personal identification information. The FTC also continues to focus upon recurring payment issues. ROSCA compliance is a regulatory favorite. Simply stated, material terms must be clearly and conspicuously disclosed. Express informed consent is required, as is a simple cancellation mechanism. Most recently, the Commission – and various state AGs – have had a particular interest in business coaching enterprises. All those involved in such activities, including lead generators, should bolster operational compliance protocols. Express and implied representations should be assessed (e.g., earnings claims). Telemarketing components, earnings disclosures, the value of educational materials, the experience of coaches, the compensation structure of sales personnel, the authenticity of reviews, contractual ad content liability shifting-related provision and due diligence assessments are relevant. The FTC has been aggressively expanding the zone of liability for deceptive advertising practices to third-parties. Targets can include, without limitation, affiliate marketers, lead generators, networks, payment processors and product owners. In addition to the foregoing, there are no signs that the FTC will be pumping the brakes any time soon with respect to the enforcement of: Social media endorsement disclosure guidelines Native advertising disclosure requirements Health claim-related substantiation obligations Consult with an advertising, marketing and promotions lawyer for further information regarding recent FTC investigation and enforcement trends, or if you are the subject of a regulatory action. Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements. You can find him on LinkedIn at FTC Attorney. ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35thFloor, New York, NY 10005 | (212) 756-8777 Filed under: Blue Book, Revenue Tagged under: data security, Ftc attorney, Ftc compliance lawyer, FTC defense lawyer, privacy About the Author Richard B. Newman Richard Newman is an FTC defense lawyer at Hinch Newman LLP. He is a nationally recognized FTC defense lawyer and advertising compliance attorney. He regularly provides advertising counsel and represents clients in high-profile investigations (CIDs) and enforcement proceedings initiated by the Federal Trade Commission, state attorneys general, departments of consumer affairs, and other federal and state agencies with jurisdiction over advertising and marketing practices. Richard’s practice also concentrates upon transactional matters relating to the dissemination of national advertising campaigns, including the gamut of affiliate marketing, telemarketing, lead generation, list management and licensing agreements.