Compliance

Where HireRight Solutions went wrong

Retrieved on: 
Saturday, December 3, 2022

Tulsa-based HireRight Solutions is a background screening company that thousands of employers use to check out current employees and people applying for jobs.

Key Points: 
  • Tulsa-based HireRight Solutions is a background screening company that thousands of employers use to check out current employees and people applying for jobs.
  • When it comes to Fair Credit Reporting Act compliance, the FTC says HireRight Solutions got it wrong by not using reasonable procedures to ensure the accuracy of the information it was selling.
  • The upshot: a $2.6 million civil penalty, the second-largest ever in an FTC FCRA case.
  • The background screening reports that HireRight Solutions sells are consumer reports under the FCRA.
  • That's where the FTC says HireRight Solutions didn't get it right.
  • For example, the FTC alleges that HireRight Solutions had a big backlog because it didn't hire enough staff to respond to people's concerns about inaccuracies.
  • The complaint charges that HireRight Solutions had a system in place for notifying people, but it was too clunky to be of much practical use.
  • In addition to the $2.6 million penalty, the stipulated order puts provisions in place to change how HireRight Solutions does business going forward.

OAIC opens investigation into Medibank over data breach

Retrieved on: 
Friday, December 2, 2022

OAIC opens investigation into Medibank over data breach

Key Points: 
  • OAIC opens investigation into Medibank over data breach
    The Office of the Australian Information Commissioner (OAIC) today commenced an investigation into the personal information handling practices of Medibank in relation to its notifiable data breach.
  • The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs).
  • Given that the breach involves sensitive information, we remind any Medibank customers affected that they may seek assistance through Medibank's helpline.
  • In line with the OAIC's Privacy regulatory action policy, the OAIC will await the conclusion of the investigation before commenting further.

Stick with Security: Make sure your service providers implement reasonable security measures

Retrieved on: 
Thursday, December 1, 2022

Even if a breach ultimately traces back to a service provider's conduct, from the perspective of a customer or employee whose personal information has been compromised, the buck stops with you.

Key Points: 
  • Even if a breach ultimately traces back to a service provider's conduct, from the perspective of a customer or employee whose personal information has been compromised, the buck stops with you.
  • That's why Start with Security cautions companies to make sure their service providers implement reasonable security measures.
  • Before bringing service providers on board, spell out what you expect in terms of security.
  • Drawn from FTC law enforcement actions, investigations, and questions we get from companies, here are some examples that illustrate steps you can take to encourage your service providers to start with security and stick to it.
  • Before putting it in someone else's control, be sure you know how that information will be used and secured.
  • The company gives the service provider access to account information including customers' preferred payment methods and the service provider creates a spreadsheet of the data.
  • The contract between the company and the service provider doesn't include any requirement to maintain reasonable security.
  • That's why careful companies verify that service providers are complying with security-related contract provisions.
  • In addition, make sure you have a way of monitoring what they're doing on your behalf.

Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry

Retrieved on: 
Thursday, December 1, 2022

Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).

Key Points: 
  • Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).
  • Summary of the Decision
    Origin of the case
    The Irish Supervisory Authority (SA) commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet.
  • The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.
  • For further information: Data Protection Commission announces decision in Facebook “Data Scraping” inquiry

OAIC completes COVIDSafe oversight

Retrieved on: 
Thursday, December 1, 2022

OAIC completes COVIDSafe oversight

Key Points: 
  • OAIC completes COVIDSafe oversight
    The Office of the Australian Information Commissioner (OAIC) has published its final six-monthly COVIDSafe privacy report and completed its COVIDSafe assessment program, which examined compliance and risk throughout the information lifecycle of COVID app data.
  • The regular reports showed the OAIC did not receive any complaints or data breach notifications with regard to the COVIDSafe system.
  • Note to editors
    - On 16 May 2020, the OAIC was granted additional functions and powers in relation to COVIDSafe under Part VIIIA of the Privacy Act.
  • It enhanced the Commissioner's role in dealing with eligible data breaches and conducting assessments and investigations in relation to COVIDSafe and COVID app data.

Location and value of patents

Retrieved on: 
Wednesday, November 30, 2022

The question was how to determine the location and value of the patents for purposes of complying with the requirements of the HSR Act.

Key Points: 
  • The question was how to determine the location and value of the patents for purposes of complying with the requirements of the HSR Act.
  • So, if the fair market value of the U.S. patents was $70.9 million or less, the acquisition would not be reportable.
  • The fair market value of U.S. patents should be determined using a method that is consistent with the method used for determining the value of the overall patent portfolio.
  • That value should include the value of any goodwill, know-how or other intangible assets allocated to those U.S. patents.

OAIC welcomes passing of Privacy Bill

Retrieved on: 
Wednesday, November 30, 2022

OAIC welcomes passing of Privacy Bill

Key Points: 
  • OAIC welcomes passing of Privacy Bill
    The Office of the Australian Information Commissioner (OAIC) welcomes the passing of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which enhances the OAIC's ability to regulate in line with community expectations and protect Australians' privacy in the digital environment.
  • The Bill introduces significantly increased penalties for serious and/or repeated privacy breaches and greater powers for the OAIC to resolve breaches.
  • "The updated penalties will bring Australian privacy law into closer alignment with competition and consumer remedies and international penalties under Europe's General Data Protection Regulation," Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
  • Commissioner Falk said the Bill was a positive step ahead of the wider review of the Privacy Act 1988.

FTC, States Sue Google and iHeartMedia for Deceptive Ads Promoting the Pixel 4 Smartphone

Retrieved on: 
Tuesday, November 29, 2022

The proposed FTC orders and the state judgments settling the allegations bar Google and iHeartMedia from similar misrepresentations, and the state judgments also require them to pay $9.4 million in penalties.

Key Points: 
  • The proposed FTC orders and the state judgments settling the allegations bar Google and iHeartMedia from similar misrepresentations, and the state judgments also require them to pay $9.4 million in penalties.
  • "Google and iHeartMedia paid influencers to promote products they never used, showing a blatant disrespect for truth-in-advertising rules," said Bureau of Consumer Protection Director Samuel Levine.
  • The FTC will not stop working with our partners in the states to crack down on deceptive ads and ensure firms that break the rules pay a price.
  • "Consumers expect radio advertisements to be truthful and transparent about products, not misleading with fake endorsements," said Massachusetts Attorney General Maura Healey.
  • Today's settlement holds Google and iHeart accountable for this deceptive ad campaign and ensures compliance with state and federal law moving forward.
  • According to the FTC, in 2019, Google hired iHeartMedia and 11 other radio networks in ten major markets to have on-air personalities record and broadcast endorsements of the Pixel 4 phone.
  • Enforcement Action
    The proposed orders settling the FTC's charges are designed to address Google and iHeartMedia's allegedly illegal conduct.
  • Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov.
