Yesterday, two FTC officials urged companies, websites and
parties (including third parties) involved in the online and mobile
ecosystem to reassess and carefully evaluate their data collection,
use and sharing practices in light of the FTC's recent broad
expansion of its online privacy rule for children (see our
December 19, 2012 blog post). The FTC
made clear that it would pursue entities that ignored their
obligations. During a webinar hosted by the International
Association of Privacy Professionals, FTC senior attorneys Mamie
Kresses and Phyllis Marcus described the COPPA Rule changes saying
that companies need to examine their data collection practices in
light of technological advances, and that this was the whole
purpose of the new Rule. Since the issuance of the new Rule,
there have been a lot of questions from businesses. While
many of these questions remain unanswered, what is clear is that
companies that never had to think about COPPA before, will now have
To help address some of the uncertainty, the regulators said the
FTC is planning to release a guide for businesses about the new
Rule and said they would not be issuing a static guide, signaling
their input may vary over time leading up to July 1st, the effective
date of the new Rule. For instance, FTC Chief Technologist
Steve Bellovin recently proposed that industry should create a
standard, perhaps through the URL, that would allow websites to
explicitly signal their COPPA-covered status to third parties in a
position to track children with plug-ins, widgets, or other
third-party content or services.
While much uncertainty remains, what is certain is that companies
should be evaluating their data collection practices, in light of
the new COPPA Rule changes, now. A company should identify
the spectrum of third parties implicated by its websites and
mobile apps in order to determine: (1) which "persistent
identifiers" qualify as personal information subject to the
new Rule, (2) those instances where parental consent can be readily
obtained, (3) those situations where parental consent is not
desired and the third-party tag or server call will need to either
be removed or replaced with one that is compliant, and (4) those
third-party arrangements which require intensive oversight and
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.