Policy Patty Toolkit 

Making the world a little more compliant one toolkit at a time.


FTC Seeks Comment on Identity Theft Detection Rules

Posted on December 5, 2018 at 5:25 PM
The Federal Trade Commission ("FTC") is seeking comment on whether the agency should make changes to rules requiring that financial institutions and creditors take certain steps to detect signs of identity theft affecting their customers. As part of the Commission's periodic review of all its rules and guides, the FTC is seeking comment on whether any modifications should be made to the Red Flags Rule and the Card Issuers Rule. The Red Flags Rule requires financial institutions and some cred... Read Full Post »

FTC Amends Privacy Act System of Records Notices

Posted on August 6, 2018 at 7:45 AM
The Federal Trade Commission (FTC) adopted final amendments to its system of records notices under the Privacy Act of 1974 to ensure the Commission can disclose records to other agencies in the event of a data breach. The Privacy Act of 1974 authorizes federal agencies to adopt routine uses of agency records subject to the Act as long as they are compatible with the purpose for which the information was collected. Acting on a recommendation from the President???s Identity Theft Task Force, th... Read Full Post »

SEC Charges Mizuho Securities for Failure to Safeguard Customer Information

Posted on July 24, 2018 at 9:25 AM

The SEC charged Mizuho Securities USA LLC for its failure to safeguard information pertaining to stock buybacks by its issuer customers.  Mizuho agreed to settle the charges and will pay a $1.25 million penalty.

According to the SEC’s order, during a two-year period:

  • Mizuho failed to maintain and enforce policies and procedures aimed at preventing the misuse of material nonpublic information, including maintaining effective information barriers between different tr...
Read Full Post »

California Has a New Consumer Privacy Law

Posted on July 1, 2018 at 11:55 AM

The California Consumer Privacy Act initiative was approved on June 28, 2018. As a result, some of the rights consumers will have because of this important law:

• Right to know all data collected by a business on you

• Right to say NO to the sale of your information

• Right to DELETE your data

• Right to be informed of what categories of data will be collected about you prior to its collection, and to be informed of any changes to this collecti...

Read Full Post »

City of Chicago Issues New Data Protection Ordinance

Posted on June 18, 2018 at 1:25 PM

The City of Chicago recently introduced the Personal Data Collection, and Protection Ordinance (“the Ordinance”) requiring: (1) prior opt-in consent from Chicago residents to use, disclose or sell their personal information; (2) notice to affected Chicago residents and the City of Chicago in the event of a data breach; (3) registration requirements if business qualifies as “data brokers;” (4) specific notification to mobile device users for location services; and ...

Read Full Post »

GDPR is Here

Posted on May 24, 2018 at 8:50 AM

The EU's General Data Protection Regulation (GDPR) takes effect today (May 25th Compliance Date). If your organization is subject to these sweeping data protection requirements on processing personal data, it should be following a plan to address the regulation's requirements. In sum, these include:

• Application of the regulation to your organization (what applies to determine priorities and focus)

• Project team and project plan to coordinate efforts

• Da...

Read Full Post »

GDPR: WP29 Updated Guidance on Consent

Posted on April 18, 2018 at 2:30 PM

The Article 29 Working Party (WP29) has issued its guidance on consent requirements under the EU’s General Data Protection Regulation (GDPR). While much remains the same as the previously-issued draft guidance, some aspects have changed.

The GDPR defines ‘consent’ as:

‘any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the pr...

Read Full Post »

FINRA Investor Alert - Know Before You Share: Be Mindful of Data Aggregation Risks

Posted on March 29, 2018 at 1:45 PM

FINRA issued an Investor Alert to help consumers consider the risks of sharing personal financial account information and other sensitive information with data aggregators. These companies offer financial data aggregation services that put information about financial holdings typically in a personal financial management hub or portal. The data used to create these reports come from consumers that usually agree to provide the aggregator with the login information for all of his or her financia...

Read Full Post »

PayPal settles with the FTC over alleged Venmo disclosure failures

Posted on February 28, 2018 at 12:50 AM

The Federal Trade Commission (FTC) settled with PayPal, Inc. over allegations that:

• the company told users of its Venmo peer-to-peer payment service that money credited to their Venmo balances could be transferred to external bank accounts without adequately disclosing that the transactions were still subject to review and that funds could be frozen or removed;

• Venmo

o misled consumers about the extent to which they could control the privacy of their transac...

Read Full Post »

FTC Staff Perspective Recaps Workshop Examining Privacy, Security Issues Related to Connected Cars

Posted on January 15, 2018 at 9:50 AM

The Federal Trade Commission’s Bureau of Consumer Protection detailed the key takeaways from the June 28, 2017, workshop the Commission co-hosted with the National Highway Traffic Safety Administration focused on privacy and security issues related to connected cars.

The notice summarizes important themes from the discussion by panelists at the full-day workshop. This included various issues related to connected and automated vehicles that collect data. They include:


Read Full Post »