On April 14, the FTC announced  final orders against three U.S. companies, resolving allegations that the companies had falsely represented their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) system in their online privacy policies (see previous InfoBytes post). Following a 30-day public comment period, the Commission voted 2-0 to approve the final orders, which prohibit the companies from “misrepresenting their participation, membership or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization.” Furthermore, the Commission issued a response letter to one of the commenters stating that although the Commission is not authorized to seek civil penalties for an initial violation, upon approval of the final order, one of the companies “will be subject to civil penalties of up to $40,654 per violation per day,” as a compliance incentive and to  deter other companies from engaging in similar conduct.