Joseph J. Lazzarotti of JacksonLewis writes about the recent CafePress settlement:
The FTC recently settled its enforcement action involving data privacy and security allegations against an online seller of customized merchandise. In addition to agreeing to pay $500,000, the online merchant consented to multiyear compliance, recordkeeping, and FTC reporting requirements. The essence of the FTC’s seven count Complaint is that the merchant failed to properly disclose a data breach, misrepresented is data privacy and security practices, and did not maintain reasonable data security practices.
[…]
In reviewing the FTC enforcement action in this matter, it is interesting to see what the agency considered personal information:
Read more at Workplace Privacy, Data Management & Security Report.