On April 14, the FTC announced final orders against three U.S. companies, resolving allegations that the companies had falsely represented their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) system in their online privacy policies (see previous InfoBytes post). Following a 30-day public comment period, the Commission voted 2-0 to approve the final orders, which prohibit the companies from “misrepresenting their participation, membership or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization.” Furthermore, the Commission issued a response letter to one of the commenters stating that although the Commission is not authorized to seek civil penalties for an initial violation, upon approval of the final order, one of the companies “will be subject to civil penalties of up to $40,654 per violation per day,” as a compliance incentive and to deter other companies from engaging in similar conduct.