In this episode, we break down how something as simple as an auto-fill feature on online quote forms can trigger an accidental data leak—and why strong MFA requirements on agent portals are essential for every insurance carrier.

Link to Case: https://www.dfs.ny.gov/system/files/documents/2025/10/ea20251014-co-hartford-fire-ins-company.pdf

In this episode, I dive into the FTC's enforcement action against Marriott, issued on October 9, 2024. (Link to case)

Below are my key takeaways from this enforcement action:

In this episode, I discuss the FTC's enforcement action against Verkada, announced on August 30, 2024. The FTC charged Verkada with violations of Section 5(a) and the CAN-SPAM Act. Key takeaways from this case include:

For any questions about this enforcement action, feel free to email me at [email protected].

Link to Case

In this episode, we'll discuss why companies should be on the lookout when agreeing to third-party vendor’s Terms of Service agreements.

**Opinions expressed in this episode are my own and do not express the views of others**

In this episode, I’m going to discuss how companies how companies’ attempt to retain their customer and obtain new customers could indirectly result in disclosing their customers’ sensitive information to third parties.

For this episode, I’m going to reference the recent the FTC complaint filed in federal court against Monument. 

Today, I have the pleasure of introducing you to a brand new video series I’m creating called "BOLO" – that's right, "Be on the Lookout!"

In this series, I will identify key activities that companies need to monitor closely, as they are attracting the attention of privacy regulators. These activities include, labeling Custom Events may lead to disclosing sensitive data to third parties to instances of companies not enforcing contract provisions when sharing personal data with third parties. With each episode, I’ll draw upon real-world cases in order to provide concrete enforcement examples that highlight each activity. 

In this episode, I discuss the 2023 FTC District Court complaint issued against Easy Healthcare.

Topics discussed in this episode:

1. The risk of mistakenly sharing sensitive health data with AppsFlyer and Google Analytics with "App Custom Events."

2. The risk of collecting and sharing "Non-Resettable Identifiers."

3. Compliance with the "Health Breach Notification Rule."

Link to FTC enforcement action: https://www.ftc.gov/legal-library/browse/cases-proceedings/202-3186-easy-healthcare-corporation-us-v

In this episode, I discuss the 2023 FTC District Court complaint issued against Amazon in regards to their Alexa products.

Key Takeaways from this complaint are:

1. Companies are not allowed to store users' personal data indefinitely for purposes of product development.

2. Companies that collect personal data from users under 13 must comply with the Children Online Privacy Protection Act "COPPA."

In this episode, I discuss the 2023 FTC District Court complaint issued against Ring, LLC.

Key Takeaways from this complaint are:

1. Companies' data security practices must align with their statements made to the public regarding the "quality" of their data security.

2. There are severe consequences when companies provide their employees and contractors access to all consumer sensitive data.

3. A settlement with the FTC could result in deleting of data that was improperly obtained.

Link to the complaint: https://www.ftc.gov/legal-library/browse/cases-proceedings/2023113-ring-llc

In this episode, I discuss the 2022 FTC compliant issued to Cafe Press.

Key takeaways from this compliant are:

- Companies’ privacy practices must align with their Privacy Notice. 

- When applicable, report data breaches to the appropriate parties (i.e., government agencies and consumers) 

- Companies should implement a data security framework (i.e., NIST or ISO)

Link to the complaint: ⁠https://www.ftc.gov/legal-library/browse/cases-proceedings/1923209-cafepress-matter⁠