12 companies have recently agreed to no-fault consent orders with the Federal Trade Commission, which is intended to settle charges that they falsely claimed that they were in compliance with the US-European Union and the US-Switzerland Safe Harbor Programs, even though their certifications had lapsed. The 12 companies come from virtually all industries, including mobile applications, peer-to-peer file sharing, e-mail encryptions services, and an ISP.
The Safe Harbor Program is set up to allow companies to transfer data of EU customers out of the bloc, only as long as they declare compliance with the Safe Harbor framework. This framework includes seven privacy principles, which the companies have to agree to. The Swiss version of the law is very similar, but since Switzerland is not part of the EU, it required its own program.
Both of these programs require all companies to recertify each year by simply reaffirming the existing self-certification.
The 12 companies listed below were charged by the FTC for violating Section 5 of the act by including statements in their privacy policies, or displaying certification notices on their websites which said they were current in their compliance, even after their certification had expired.
It seems that this is more of a case of neglect by these companies than any sort of active wrongdoing, but none the less, they were out of compliance and continued to market themselves as if they were still in compliance.
- Here is the full list of the 12 companies who came to the agreement with the FTC:
- Apperain Inc – a mobile applications company
- Atlanta Falcons Football Club LLC – an American National Football League team
- Baker Tilly Virchow Krause LLP – An accounting firm
- BitTorrent Inc – A peer-to-peer file sharing company
- Charles River Laboratories International Inc – A Drug Company
- DataMotion Inc – An e-mail encryption services company
- DDC Laboratories Inc – A DNA testing company
- Level 3 Communications LLC – An Internet Service Provider (ISP)
- PDB Sports LTD (Doing Business As the Denver Broncos Football Club) – A NFL team
- Reynolds Consumer Products – Maker of foil and other consumer products
- Receivable Management Services Corp – An accounts receivable and third-party recovery company
- Tennessee Football Inc – An NFL team
Clearly these companies come from all sorts of different industries, and this goes to show that all companies, no matter how big or small, that operate under any sort of agreement with the FTC need to take special care to remain current on all their certifications to remain in compliance.
