FTC Update: DotCom Guidelines Makeover and Enforcement

FTC Seeks to Update DotCom Disclosure Guidelines The FTC has announced that it will revisit the DotCom Disclosure Guidelines originally published in 2000.  Specifically, the FTC is seeking comment on issues such as how to adapt them to the mobile screen and multi-party selling arrangements.  (See blog for complete list).  Comments are due by August 10, 2011. FULL LIST:  (i) what issues have been raised by new online technologies, Internet activities, or features that have emerged since the business guide was issued (e.g., mobile marketing, including screen size) that should be addressed in a revised guidance document?

(ii) What issues raised by new laws or regulations should be addressed in a revised guidance document?

(iii) What research or other information regarding the online marketplace, online advertising techniques, consumer online behavior, or the effectiveness of online disclosures should be considered in a revised guidance document?

(iv) What specific types of online disclosures, if any, raise unique issues that should be considered separately from general disclosure requirements?

(v) What guidance in the original “Dot Com Disclosures” document is outdated or unnecessary?

(vi) What guidance in “Dot Com Disclosures” should be clarified, expanded, strengthened, or limited?

(vi) What issues relating to disclosures have arisen from multi-party selling arrangements in Internet commerce, such as (1) established online sellers providing a platform for other firms to market and sell their products online, (2) website operators being compensated for referring consumers to other Internet sites that offer products and services, and (3) other affiliate marketing arrangements?

FTC/Lookout Consent Decree Provides Data Security Road Map

The FTC’s latest data breach consent decree involves an immigration compliance service provider that failed to safeguard data from unauthorized employee access.  The consent decree provides a checklist of how the FTC expects personally identifiable information to be secured – which you should match against your own procedures. Specifically, the FTC cited the following which Lookout Services failed to or did not do or improperly allowed:  (i) implement reasonable policies and procedures for the security of sensitive consumer information it collected and maintained; (ii) establish or enforce rules sufficient to make user credentials (i.e., user ID and password) hard to guess; (iii) require periodic changes of user credentials, such as every 90 days, for customers and employees with access to sensitive personal information; (iv) suspend user credentials after a certain number of unsuccessful login attempts; (v) adequately assess and address the vulnerability of its web application to widely-known security flaws, such as “predictable resource location,” which enables users to easily predict patterns and manipulate the URL to gain access to secure web pages; (vi) allowed users to bypass the authentication procedures on Lookout’s website when they typed in a specific URL; (vii) employ sufficient measures to detect and prevent unauthorized access to computer networks, such as by employing an intrusion detection system and monitoring system logs; and  (viii) unnecessary risk to personal information by storing passwords used to access the I-9 database in clear text.
 FTC Cracks Down on Fake News Sites 
In a major sting operation, the FTC has cracked down on a slew of fake news websites making false claims about Acai Berry weight loss results.  David Vladeck, Director of the FTC’s Bureau of Consumer Protection noted that, “[a]lmost everything about these sites is fake.The weight loss results, the so-called investigations, the reporters, the consumer testimonials, and the attempt to portray an objective, journalistic endeavor.”

More Info: Analysis of Proposed Consent Order to Aid Public Comment In the Matter of Lookout Services, Inc., File No. 1023076;   Acai Berry Sting: FTC Sues Fake ‘News’ Sites Hawking Diet Products (Associated Content)