United States: The Weekly Privacy Rewind – April 23, 2018

Data Breaches

Portable Oxygen Device Maker Inogen Announces Data Breach

• Inogen Inc., which makes portable oxygen devices, reported to the U.S. Securities and Exchange Commission that it experienced a data breach that involved approximately 30,000 current and former customers.
• According to the company's Form 8-K, sometime between Jan. 2 and March 14, unauthorized individuals gained access to an employee's email account, which contained personal information belonging to Inogen oxygen rental customers.
• Inogen "is notifying approximately 30,000 current and former customers of this incident and will provide resources, including credit monitoring and an insurance reimbursement policy, to assist them."

Federal Trade Commission

FTC to Lose Another Commissioner

• FTC Commissioner Terrell McSweeny announced that she will step down on April 28.
• Currently one of two sitting commissioners (along with Acting Chairwoman Maureen Ohlhausen), Commissioner McSweeny has been on the Commission since 2014.
• President Trump has nominated five individuals to bring the FTC to its full complement of commissioners, but none have been approved by the Senate.

GDPR

U.K.'s Enforcement Priorities Won't Change Under GDPR

• In her keynote speech at the International Association of Privacy Professionals' Data Protection Intensive in London, U.K., Information Commissioner Elizabeth Denham alleviated some concerns when she indicated that her office's enforcement priorities will stay the same upon implementation of GDPR.
• According to Commissioner Denham, important factors the ICO considers when it is mulling regulatory action include reporting to and engaging with the office and demonstrating accountability measures. Those factors are as important today as they will be when GDPR goes into effect on May 25.
• Going forward, her three areas of focus will be cybersecurity, artificial intelligence and device tracking, and Commissioner Denham reminded attendees that increasing public trust and confidence in data handling is a high priority for her and her office.

Privacy Research

Majority of Android Apps Marketed to Children in Violation of COPPA

• As reported in a study from the University of California, Berkeley, a majority of Android apps that are marketed toward children under 13 potentially violate the Children's Online Privacy Protection Act (COPPA), primarily because of the apps' use of software development kits (SDKs).
• The study examined almost 6,000 Android apps and found that 4.8 percent of such apps had clear violations of sharing location or contact information without consent, 18 percent shared identifiers for ad targeting, 40 percent shared personal information without proper security protocols, and 39 percent disregarded "contractual obligations aimed at protecting children's privacy."
• The study also found that, although many SDKs in use in children's apps offer the option to disable tracking and behavioral advertising in compliance with COPPA, "a majority of apps ... do not make use of these options," while almost 20 percent of apps collect children's personal information through SDKs whose terms of service prevent their use in children's apps.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.