In January, the president and congressional leaders called for cooperation in passing cybersecurity legislation to address the growing threats faced by American businesses and consumers. The president called for Congress to pass legislation that would establish a federal data breach standard and give the Federal Trade Commission enforcement and rulemaking authority to implement the law. Legislation has already been introduced in the Senate and House directing the FTC to promulgate regulations requiring entities that own or possess personal information to have policies and procedures to protect that information.
Beginning in 2005 with the BJ’s Wholesale Club case, the FTC began to bring actions against companies whose cybersecurity practices it deemed to be inherently “unfair” or unreasonable, independent of whether the company had made any claims about its security practices. In eight cases since the BJ’s Wholesale Club case, the FTC has relied exclusively upon its “unfairness” authority to Bruce Heiman establish de facto cybersecurity standards for a broad swath of the American economy (without also asserting a deception claim).
One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices.
Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices.
Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States—more so than nearly any privacy statute or any common law tort.
Assurant Field Asset Services (AFAS) is a subsidiary of Assurant whom recently had a Publicly Identifiable Information (PII) Spillage. Let’s not bullshit around Assurant, the insurance company and parent to AFAS, has been involved in totality with nearly a billion dollars in settlements vis-a-vis JPMorgan Chase, et cetera, ad nauseum. To say that Assurant, in its new capacity as AFAS is a babe in the woods, is to say that a rapist gains no self gratification when performing their sadistic act. Assurant has been around the block and that’s putting it mildly. As a multinational insurance conglomerate, Assurant and its subsidiary, AFAS, knew well what type of eventualities would ultimately float to the top.
The Federal Trade Commission (FTC) received more than 3 million consumer complaints in 2015 with debt collection topping the list, according to its newly released Consumer Sentinel Network Data Book. The annual report, which does not include do-not-call complaints, provides national and state-by-state data on consumer complaints received by the FTC.
When Jason Rosenberg, of Alston & Bird, reached out to Foreclosurepedia it was like a red headed stepchild coming home. I like to think that there is a special love-hate relationship between he and I. What I mean is that I respect Rosenberg; I like the fact that we engage from a pseudo Counselor – Barrister point-of-view in that there is no dumbing down of the issues. We are both comfortable with the compartmentalization of information as it pertains to a need to know environment. The fact that he, as Counselor, may not trespass upon the release of Attorney – Client privileged information; I, myself, as a former intelligence professional, understand the fact that you take names to the grave. While burn notices are issued, from time-to-time, discussions like we have are sacrosanct.
Jason Rosenberg, a partner in the Atlanta office, is a member of the firm’s [Alston & Bird LLP] Intellectual Property-Trademark & Copyright Group. Jason focuses his practice on trademark, copyright and advertising enforcement, litigation and counseling, as well as adversarial matters before the Trademark Trial & Appeal Board of the U.S. Patent & Trademark Office.
Rosenberg and I do not agree with every point we discuss. Fact of the matter is that in the instant case, I feel Counselor Rosenberg has missed the mark in that allowing his Client to remain silent flies in the face of well founded protocol and law. This is not the normal, run-of-the-mill, Mortgage Field Services Industry data breach; this data breach is a serious matter as not only are the expendable contractors — and I am loath to use that term is these are W2 personnel, not W-9 — we are dealing with Realtors and Vendors as well. This brings the normal, Industry Deep Six Maneuver which has been perfected by so many National Association of Mortgage Field Services (NAMFS) Offender Members, to a screeching hault.
Look, state, state, federal and international law all deal with this head on — no wiggle room. Below, you will see precisely how Florida deals with it and like all things in Florida it does not bullshit around in the least which is, what I respectfully submit to Counselor Rosenberg, precisely what AFAS is currently doing.
Karen Booth has a great piece on Florida’s law signed into effect on 01 July 2014, over on Law360. AFAS and Counselor Rosenberg would do well to take a read through it.
Florida Gov. Rick Scott recently signed the Florida Information Protection Act of 2014 (SB 1524) into law, amending Florida’s breach notification statute effective July 1, 2014.
Counselor Rosenberg had this to say with respect to his Client, Assurant Field Asset Services (AFAS) and their opinion of transparency,
Assurant has fully investigated this matter. It has complied with all applicable laws, and notified the appropriate parties.
A violation of the FIPA is an unfair or deceptive trade practice subject to an action by the Attorney General under Florida’s Deceptive and Unfair Trade Practices Act against the covered entity or third-party agent. A covered entity that does not properly notify affected individuals or the Attorney General may be fined up to $500,000 per breach, depending on the number of days in which the covered entity is in violation of the FIPA. The law creates no private cause of action, nor does the presumed FDUTPA violation for the Attorney General appear to apply to a private action under FDUTPA. When juxtaposed with the Settlements over the forced place insurance kick backs, it pales in comparison.
Tomorrow, we roll out the type of opinion which the Foreclosurepedia Nation has come to expect. We roll it out in a manner which only a trained media professional, such as myself, is capable of doing. We serve up precisely what Foreclosurepedia believes AFAS should be court ordered to implement — it is obvious that the Fox Guarding the Chicken Coop is not working. Don’t miss it!
These are the Data Breech Laws for each of the 50 States and Territories,
State Citation Alaska Alaska Stat. § 45.48.010 et seq. Arizona Ariz. Rev. Stat. § 44-7501 Arkansas Ark. Code § 4-110-101 et seq. California Cal. Civ. Code §§ 1798.29, 1798.80 et seq. Colorado Colo. Rev. Stat. § 6-1-716 Connecticut Conn. Gen Stat. § 36a-701b, 2015 S.B. 949, Public Act 15-142 Delaware Del. Code tit. 6, § 12B-101 et seq. Florida Fla. Stat. §§ 501.171, 282.0041, 282.318(2)(i) Georgia Ga. Code §§ 10-1-910, -911, -912; § 46-5-214 Hawaii Haw. Rev. Stat. § 487N-1 et seq. Idaho Idaho Stat. §§ 28-51-104 to -107 Illinois 815 ILCS §§ 530/1 to 530/25 Indiana Ind. Code §§ 4-1-11 et seq., 24-4.9 et seq. Iowa Iowa Code §§ 715C.1, 715C.2 Kansas Kan. Stat. § 50-7a01 et seq. Kentucky KRS § 365.732, KRS §§ 61.931 to 61.934 Louisiana La. Rev. Stat. §§ 51:3071 et seq., 40:1300.111 to .116 Maine Me. Rev. Stat. tit. 10 § 1347 et seq. Maryland Md. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308 Massachusetts Mass. Gen. Laws § 93H-1 et seq. Michigan Mich. Comp. Laws §§ 445.63, 445.72 Minnesota Minn. Stat. §§ 325E.61, 325E.64 Mississippi Miss. Code § 75-24-29 Missouri Mo. Rev. Stat. § 407.1500 Montana Mont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq., 33-19-321 Nebraska Neb. Rev. Stat. §§ 87-801, -802, -803, -804, -805, -806, -807 Nevada Nev. Rev. Stat. §§ 603A.010 et seq., 242.183 New Hampshire N.H. Rev. Stat. §§ 359-C:19, -C:20, -C:21; 189:66 New Jersey N.J. Stat. § 56:8-161, -163 New York N.Y. Gen. Bus. Law § 899-aa, N.Y. State Tech. Law 208 North Carolina N.C. Gen. Stat §§ 75-61, 75-65 North Dakota N.D. Cent. Code §§ 51-30-01 et seq., 51-59-34(4)(d) Ohio Ohio Rev. Code §§ 1347.12, 1349.19, 1349.191, 1349.192 Oklahoma Okla. Stat. §§ 74-3113.1, 24-161 to -166 Oregon Oregon Rev. Stat. § 646A.600 to .628, 2015 S.B. 601, Chap. 357 Pennsylvania 73 Pa. Stat. § 2301 et seq. Rhode Island R.I. Gen. Laws § 11-49.2-1 et seq., 2015 S.B. 134, Public Law 2015-138, 2015 H.B. 5220, Public Law 2015-148 South Carolina S.C. Code § 39-1-90, 2013 H.B. 3248 Tennessee Tenn. Code § 47-18-2107; § 8-4-119 (2015 S.B. 416, Chap. 42) Texas Tex. Bus. & Com. Code §§ 521.002, 521.053; Tex. Ed. Code § 37.007(b)(5); Tex. Pen. Code § 33.02 Utah Utah Code §§ 13-44-101 et seq.; § 53A-13-301(6) Vermont Vt. Stat. tit. 9 § 2430, 2435 Virginia Va. Code § 18.2-186.6, § 32.1-127.1:05, § 22.1-20.2 Washington Wash. Rev. Code § 19.255.010, 42.56.590, 2015 H.B. 1078 West Virginia W.V. Code §§ 46A-2A-101 et seq. Wisconsin Wis. Stat. § 134.98 Wyoming Wyo. Stat. § 40-12-501 et seq. District of Columbia D.C. Code § 28- 3851 et seq. Guam 9 GCA § 48-10 et seq. Puerto Rico 10 Laws of Puerto Rico § 4051 et seq. Virgin Islands V.I. Code tit. 14, § 2208