The Internet of Things and Consumer Protection

Presentation transcript:

The Internet of Things and Consumer Protection
Daniel Kaufman, Deputy Director, Bureau of Consumer Protection
Views expressed are those of the speaker and not necessarily those of the Commission or any Commissioner.

FTC Background
- Independent law enforcement agency
- Consumer protection and competition mandate
- Section 5 of FTC Act prohibits “unfair or deceptive acts or practices”
- Policy work includes public workshops, Congressional testimony, consumer education, and business guidance
- Privacy is a consumer protection priority

Enforcement Actions

Common Remedies
- Prohibition against misrepresentations
- Comprehensive data security or privacy program, appropriate to company’s size, activities, information collected
- Third party assessments of programs
- Other case-specific requirements – e.g., disclosures, software updates
- Civil penalties for violations

Internet of Things
- Devices or sensors sold or used by consumers that connect, store, or transmit information with or between each other.
- Offer many benefits but raise privacy and security concerns.
- Include health and fitness monitors, home security devices, connected cars and household appliances.
- Internet-connected cameras that allow you to post photos online with 1 click, home automation systems that turn on your front porch lights when you leave work, wearable devices that track your daily activity, calories and sleep.
- Potential benefits include improved health monitoring, safer highways, more efficient energy use.

Internet of Things
- FTC held a workshop to discuss risks and benefits of IoT.
- Participants included technologists, academics, consumer advocates and industry representatives.
- Resulting Staff Report issued in January 2015.

Internet of Things Staff Report: Ongoing initiatives
- Law enforcement
- Consumer and business education
- Participation in multi-stakeholder groups
- Advocacy

Internet of Things Staff Report
Four areas of recommendations:
- Security
- Data minimization
- Notice and Choice
- Legislation

Internet of Things Staff Report: Security
- Security by design
- Training and oversight
- Multi-layered defense
- Monitor through expected product life cycle

Internet of Things Staff Report: Data Minimization
- Limit collection
- Retain for limited time

Internet of Things Staff Report: Notice and choice
- No “one-size-fits-all”
- Innovative approaches identified
- Response to criticisms

Internet of Things Staff Report: Legislation
- Specific IoT legislation premature
- Reiterates Commission call for flexible data security and breach notification legislation

Careful Connections: Building the Internet of Things
Practical advice for businesses, including:
- Taking advantage of what experts have learned;
- Proper authentication;
- Designing reasonable security measures;
- Pre-launch testing;
- Default settings; and
- Communications with customers.

TRENDnet: overview
- FTC’s first IoT case
- Security vulnerabilities in IP cameras and mobile apps
- Attacker accessed hundreds of camera feeds

TRENDnet: design & testing
- No software security review and testing at key points
- Failed to implement reasonable guidance or training for responsible employees

Deception and Unfairness
- Company falsely represented that it had taken reasonable steps to ensure that (1) its cameras and apps could securely monitor private areas of a consumer’s home or workplace and (2) that a user’s security settings will be honored
- Company failed to provide reasonable security to prevent unauthorized access to live IP camera feeds

TRENDnet: order requirements
- Required to provide notice to consumers, with technical support to update or uninstall cameras
- Prohibited from misrepresenting security
- Required to establish comprehensive security program, with third-party compliance assessments

QUESTIONS?
Daniel Kaufman
Dkaufman@ftc.gov
(202) 326-2675