Kathryn Mellinger

Subscribe to all posts by Kathryn Mellinger

FTC Nets $500,000 Settlement for Alleged Consent Order Violation Related to Online Data Collection Practices

Photo of Melinda L. McLellanBy Melinda L. McLellan and Kathryn Mellinger on Posted in Big Data, Enforcement, Online Privacy
On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading

FTC Goes After IoT Device Manufacturer for Alleged Security Vulnerabilities in Routers, IP Cameras

Photo of Melinda L. McLellanBy Melinda L. McLellan and Kathryn Mellinger on Posted in Enforcement, Internet of Things
On January 6, the Federal Trade Commission (FTC) announced that it had filed a complaint against Taiwanese D-Link Corp. and its U.S. subsidiary, D-Link Systems Inc. (D-Link), alleging the company made deceptive claims about the security of its products and engaged in unfair practices that put U.S. consumers’ privacy at risk. The case is noteworthy for … Continue Reading

New York Department of Financial Services Proposes First Rule of Its Kind for Financial Institutions

By Kathryn Mellinger and Suchismita Pahi on Posted in Financial Privacy
In November, we reported on a proposal by the New York Department of Financial Services (NYDFS) for an extensive cybersecurity framework for its regulated financial institutions. Recently, Governor Cuomo announced a proposed rule requiring banks, insurance companies and other financial services institutions regulated by the NYDFS to establish and maintain a strong cybersecurity program. These … Continue Reading

Automotive Industry Organization Releases Recommended Cybersecurity Best Practices

By Kathryn Mellinger on Posted in Automotive Industry
Auto-ISAC is not alone in its efforts to address potential cybersecurity risks imposed by connected vehicles. As we have previously discussed, in 2015 legislators introduced the SPY Car Act, which requires automakers to meet certain vehicle data security standards to combat potential hacking threats. The U.S. Department of Transportation (DOT) notes that it has been … Continue Reading

Balancing Innovation With Privacy Concerns: The FTC Provides Comment on the Internet of Things

By Kathryn Mellinger on Posted in Big Data, Online Privacy
On June 3, 2016, the Federal Trade Commission (FTC) responded to a Request for Comments issued by the Department of Commerce, National Telecommunications and Information Administration (NTIA) regarding the Internet of Things (IoT). The NTIA, which issued its Request for Comments on April 5, 2016, stated that it will use commentary to expand on its … Continue Reading

Nebraska Amends Its Data Breach Notification Statute

By Kathryn Mellinger on Posted in Breach Notification
Since the beginning of 2015, numerous states have amended their data breach notification statutes to include expanded definitions of personal information, clarifications on encryption standards, and new notice content and timing requirements. On April 13, 2016, Nebraska joined this roster when Governor Pete Ricketts signed LB 835 into law, amending Nebraska’s Financial Data Protection and … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

By Kathryn Mellinger and Suchismita Pahi on Posted in Online Privacy
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

EU’s Network and Information Security Directive: Regulating “operators of essential services” and “digital service providers”

By Suchismita Pahi and Kathryn Mellinger on Posted in Cybersecurity
The European Union continues to move forward with a proposed unified framework to strengthen network and information security systems across its member countries. On December 18, 2015, the Permanent Representatives Committee (Coreper) approved a provisional agreement reached on December 7, 2015, by the European Parliament and European Council on the Network and Information Security Directive … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

By Kathryn Mellinger on Posted in Data Breaches, Online Privacy
In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

New York Department of Financial Services Sets Forth Extensive Cybersecurity Regulatory Framework Proposal

By Suchismita Pahi and Kathryn Mellinger on Posted in Cybersecurity, Information Security, State Legislation
On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework proposal for “covered entities,” or financial institutions regulated by NYDFS. The framework builds on data from NYDFS reports surveying cybersecurity programs from … Continue Reading

New PCI Guidance Provides Businesses With Security Incident Response Assistance

By Kathryn Mellinger on Posted in Data Breaches, Payment Card Industry, Retail Industry
A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million, large payment card incidents such as those that occurred at Target and Home Depot … Continue Reading
LexBlog