Other Shoe Drops on DSW as FTC Expands Privacy Enforcement
December 30, 2005
The Federal Trade Commission’s (FTC) strategic arsenal against companies with lax data privacy protections is growing. For only the second time in the agency’s history, the FTC employed the FTC Act’s “unfairness prong” to challenge a company’s data protection practices. Section 5 of the Act prohibits unfair and deceptive trade practices.
The FTC recently announced publication of a proposed settlement with shoe retailer DSW Inc. for allegedly failing to provide reasonable and appropriate security for personal information collected at its stores and corporate offices. The complaint alleges that the failure constitutes an unfair trade practice because it caused or was likely to cause substantial consumer injury that was not reasonably avoidable and was not outweighed by countervailing benefits to consumers or competition.
The complaint specifically claims that the following DSW practices, taken together, failed to provide reasonable security for sensitive personal information:
“(1) creating unnecessary risks to personal information collected at its stores by storing it in multiple files when it no longer had a business need to keep the information;
(2) failing to use readily available security measures to limit access to its computer networks through wireless access points on the networks;
(3) storing the information in unencrypted files that could be accessed easily by using a commonly known user ID and password;
(4) failing to sufficiently limit the ability of computers on one in-store computer network to connect to computers on other in-store and corporate networks; and
(5) failing to employ sufficient measures to detect unauthorized access.”
The complaint further states that DSW customer accounts were fraudulently charged and that some customers were told to close their checking accounts, thereby losing access to those accounts and incurring out-of-pocket expenses for such things as ordering new checks.
Although without precedent prior to 2005, this novel cause of action has been used twice by the agency in the last six months. The first such case was brought in June against BJ’s Wholesale Club Inc., another company not specifically covered by federal privacy statutes. Past actions against such entities have traditionally been based on the Act’s deceptive practices prong. This strategy targeted companies for failing to keep promises made to consumers about maintaining the privacy of their sensitive personal data. The new, more aggressive approach embodied by the “unfairness” strategy should put all companies on notice to take a more thoughtful and comprehensive approach to protecting sensitive customer information. Among other things, companies should consider using encryption to protect sensitive data and should only maintain consumer information needed for valid business purposes.
The proposed settlement is currently under a 30-day public comment period. After 30 days, the agency will review the agreement, evaluate the comments received, and then determine whether to withdraw from the agreement and take other appropriate action or confirm the proposed order.
For more information, e-mail Reg Leichty at reg.leichty@hklaw.com or call toll free, 1-888-688-8500.