A Legal Guide to PRIVACY AND DATA SECURITY 2024

to consumers; and 3) require repayment of investigation and prosecution costs. Persons and entities who obtain, attempt to obtain, cause to be disclosed, or attempt to cause to be disclosed customer information of a financial institution (relating to another person) through false, fictitious, or fraudulent means, can be subjected to fines and imprisoned for up to five years. Criminal penalties of up to ten years’ imprisonment and fines of up to $500,000 (for an individual) or $1 million (for a company) may be imposed if the acts are committed or attempted while violating another U.S. law, or as part of a pattern of illegal activity involving more than $100,000 in a year. FTC Enforcement Actions. Important lessons can be learned from previous FTC investigations, settlements, and consent decrees. Settlements with the FTC and other government agencies also often provide for onerous reporting requirements, audits, and monitoring by third parties. Most FTC consent decrees include a 20-year term with regular audits of the company privacy practices. By reviewing these FTC actions and consent decrees, a business might learn what activities might be challenged by the FTC. Notable examples of FTC enforcement actions include: Facebook, YouTube, and Google (2020) The FTC levied a $5 billion penalty—the largest consumer privacy penalty ever—against Facebook for violating its 2012 FTC privacy order and imposed new restrictions on the social network’s business operations. The FTC also obtained a record $170 million penalty against YouTube and Google for alleged violations of the Children’s Online Privacy Protection Act (COPPA). Retina-X (2020) In its first case involving a stalking app, the FTC alleged that Retina-X enabled its apps to be used for illegitimate purposes and in violation of COPPA.

27

Made with FlippingBook - Online Brochure Maker