[{"id":2884736,"link":"https://www.ftc.gov/business-guidance/blog/2011/01/lets-make-seal","title":"Let's Make a Seal","description":"Let's Make a Seal wfg-adm109 January 12, 2011 | 5:31PM Let's Make a Seal By Lesley Fair For many people, environmental considerations play an important role in what they put in their shopping carts.  But it's tough to know when green claims are credible.  Seals and certifications can be a useful tool to help shoppers decide where to place their trust and how to spend their money — but only if they're backed by solid proof. The FTC’s proposed settlement with Tested Green, Nonprofit Management LLC, and Jeremy Ryan Claeys demonstrates the importance of ensuring that claims conveyed to consumers through seals and certifications are supported by sound science.  According to the FTC, the company and Claeys advertised and sold a Tested Green certification, touted as “the nation’s leading certification program for businesses that produce green products or use green processes in the manufacture of goods and services.”  The company’s website hyped the program as “the nation’s leading certification for green businesses with over 45,000 certifications in the United States.” Tested Green said that to qualify for the \"Rapid” certification, companies had to “answer a series of questions about the green activities your business participates in.”  To qualify for the “Pro” Certification, companies had to supply the same documentation, but Tested Green required more:  a possible site visit “to verify the green practices are legitimate and meet universal green standards.” Despite those claims, the FTC says that no applicant was required to answer a series of questions about their business’ green activities, and no applicant for the Pro certification was ever subject to a site visit as a condition of certification.  According to the FTC, the only “green” activity the company insisted on was ponying up $189.95 for the Rapid certification or $549.95 for the Pro version. The FTC charged that as soon as businesses paid the fee, Tested Green sent them the logo and a “certification verification page” they could use to advertise their Tested Green certified status. But problems with the Tested Green program didn’t end there.  Tested Green claimed that its program was endorsed by the National Green Business Association and the National Association of Government Contractors.  Independent industry groups?  Not so.  According to the FTC, they were businesses owned and operated by respondent Claeys. The FTC’s complaint alleged that Tested Green’s certifications conveyed the false claim that the products or services bearing the certification had been independently and objectively evaluated based on their environmental attributes or benefits.  Additionally, by furnishing businesses with the certification and the tools to advertise it, Tested Green provided them with what they needed for the commission of deceptive acts and practices – the “means and instrumentalities,” in legal parlance – which is itself a deceptive act in violation of Section 5. The FTC also charged that Tested Green’s use of “endorsements” from the National Green Business Association and the National Association of Government Contractors was false and misleading since they owned and operated the groups.  The failure to disclose the relationship between the two groups and Tested Green was a deceptive practice,"},{"title":"The Air Navigation (Restriction of Flying) (Wembley Stadium, London) Regulations 2026","id":2884613,"link":"http://www.legislation.gov.uk/id/uksi/2026/511http://www.legislation.gov.uk/uksi/2026/511/madehttp://www.legislation.gov.uk/uksi/2026/511/pdfs/uksi_20260511_en.pdfhttp://www.legislation.gov.uk/uksi/2026/511/contents/made"},{"link":"http://www.legislation.gov.uk/id/uksi/2026/512http://www.legislation.gov.uk/uksi/2026/512/madehttp://www.legislation.gov.uk/uksi/2026/512/pdfs/uksi_20260512_en.pdfhttp://www.legislation.gov.uk/uksi/2026/512/contents/made","id":2884614,"title":"The Air Navigation (Restriction of Flying) (Edinburgh) Regulations 2026"},{"id":2884615,"link":"http://www.legislation.gov.uk/id/asc/2026/5http://www.legislation.gov.uk/asc/2026/5/enactedhttp://www.legislation.gov.uk/asc/2026/5/pdfs/asc_20260005_we.pdfhttp://www.legislation.gov.uk/asc/2026/5/pdfs/asc_20260005_en.pdfhttp://www.legislation.gov.uk/asc/2026/5/pdfs/asc_20260005_mi.pdfhttp://www.legislation.gov.uk/asc/2026/5/contents/enactedhttp://www.legislation.gov.uk/asc/2026/5/contents/enacted/welsh","title":"Building Safety (Wales) Act 2026 / Deddf Diogelwch Adeiladau (Cymru) 2026"},{"id":2884616,"link":"http://www.legislation.gov.uk/id/asc/2026/6http://www.legislation.gov.uk/asc/2026/6/enactedhttp://www.legislation.gov.uk/asc/2026/6/pdfs/asc_20260006_we.pdfhttp://www.legislation.gov.uk/asc/2026/6/pdfs/asc_20260006_en.pdfhttp://www.legislation.gov.uk/asc/2026/6/pdfs/asc_20260006_mi.pdfhttp://www.legislation.gov.uk/asc/2026/6/contents/enactedhttp://www.legislation.gov.uk/asc/2026/6/contents/enacted/welsh","title":"Planning (Wales) Act 2026 / Deddf Cynllunio (Cymru) 2026"},{"id":2884606,"link":"http://www.legislation.gov.uk/id/uksi/2026/510http://www.legislation.gov.uk/uksi/2026/510/madehttp://www.legislation.gov.uk/uksi/2026/510/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/510/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/510/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/510/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/510/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/510/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/510/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/510/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/510/contents/made","title":"The Single Source Contract (Amendment) Regulations 2026","description":"These Regulations amend the Single Source Contract Regulations 2014 (S.I. 2014/3337, amended by S.I. 2024/420) (the “2014"},{"link":"http://www.legislation.gov.uk/id/uksi/2026/514http://www.legislation.gov.uk/uksi/2026/514/madehttp://www.legislation.gov.uk/uksi/2026/514/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/514/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/514/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/514/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/514/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/514/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/514/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/514/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/514/contents/made","id":2884607,"description":"This Order, which extends to England and Wales and Scotland, varies certain fees payable under the Firearms Act 1968 and the Firearms (Amendment) Act 1988. The new fee levels are set out","title":"The Firearms (Variation of Fees) Order 2026"},{"link":"http://www.legislation.gov.uk/id/uksi/2026/519http://www.legislation.gov.uk/uksi/2026/519/madehttp://www.legislation.gov.uk/uksi/2026/519/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/519/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/519/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/519/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/519/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/519/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/519/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/519/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/519/contents/made","id":2884608,"description":"The English Devolution and Community Empowerment Act 2026 (c. 23) (“the 2026 Act”) established strategic authorities, a new category of public authority in England which includes combined authorities (“CAs”) and combined county authorities","title":"The English Devolution and Community Empowerment Act 2026 (Consequential Amendments and Revocations) (England) Regulations 2026"},{"link":"http://www.legislation.gov.uk/id/uksi/2026/517http://www.legislation.gov.uk/uksi/2026/517/madehttp://www.legislation.gov.uk/uksi/2026/517/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/517/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/517/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/517/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/517/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/517/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/517/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/517/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/517/contents/made","id":2884609,"title":"The Combined Authorities (Overview and Scrutiny Committees, Access to Information and Audit Committees) (Amendment) Order 2026","description":"Schedule 3 to the English Devolution and Community Empowerment Act 2026 (c. 23) inserts Schedule 2A into the Levelling-up and Regeneration Act 2023 (c. 55) (“the 2023 Act”) and Schedule 5BA into the Local Democracy, Economic Development and Construction Act 2009 (c. 20) (“the 2009 Act”). These Schedules apply to commissioners, who can be appointed by the mayor of a combined authority (“CA”) or combined county authority (“CCA”) to assist in the exercise of mayoral functions. CAs and CCAs may make a scheme for the payment of allowances to commissioners, subject to the CA or CCA having considered a report published by a relevant remuneration panel. These panels make recommendations for the allowances to commissioners provided for in the scheme and the allowances payable must not exceed these"},{"id":2884610,"link":"http://www.legislation.gov.uk/id/uksi/2026/518http://www.legislation.gov.uk/uksi/2026/518/madehttp://www.legislation.gov.uk/uksi/2026/518/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/518/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/518/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/518/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/518/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/518/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/518/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/518/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/518/contents/made","title":"The European Communities (Immunities and Privileges of the North Atlantic Salmon Conservation Organization and North-East Atlantic Fisheries Commission) (Revocation) Regulations 2026","description":"These Regulations are made in exercise of the power in section 14(1) of the Retained EU Law (Revocation and Reform) Act 2023 (c. 28) (“the REUL Act”). This is the power to revoke secondary assimilated EU law without replacing it. These Regulations revoke the European Communities (Immunities and Privileges of the North Atlantic Salmon Conservation Organization) Order 1985, as amended by the European Communities (Immunities and Privileges of the North Atlantic Salmon Conservation Organization) Order 2001, (“the 1985 Order”) and the European Communities (Immunities and Privileges of the North-East Atlantic Fisheries Commission) Order 1999 (“the 1999"},{"id":2884611,"link":"http://www.legislation.gov.uk/id/uksi/2026/508http://www.legislation.gov.uk/uksi/2026/508/madehttp://www.legislation.gov.uk/uksi/2026/508/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/508/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/508/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/508/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/508/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/508/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/508/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/508/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/508/contents/made","description":"These Regulations are made under section 293 of the Energy Act 2023 (c. 52) which enables regulations to make provision about the taking or securing of measures in compensation for adverse environmental effects of offshore wind activities (“compensatory measures”). Such measures must be secured where offshore wind activity is agreed to, notwithstanding a negative assessment of the implications for certain marine sites, in accordance with regulation 68 of the Conservation of Habitats and Species Regulations 2017 (S.I. 2017/1012) (“Inshore Regulations”) and regulation 36 of the Conservation of Offshore Marine Habitats and Species Regulations 2017 (S.I. 2017/1013) (“Offshore","title":"The Conservation of Habitats and Species (Offshore Wind) (Amendment etc.) Regulations 2026"},{"id":2884612,"link":"http://www.legislation.gov.uk/id/uksi/2026/509http://www.legislation.gov.uk/uksi/2026/509/madehttp://www.legislation.gov.uk/uksi/2026/509/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/509/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/509/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/509/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/509/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/509/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/509/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/509/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/509/contents/made","description":"These Regulations make amendments to the Building Safety (Responsible Actors Scheme and Prohibitions) Regulations 2023 (“the 2023 Regulations”). The Responsible Actors Scheme, established by the 2023 Regulations, requires relevant developers to identify relevant buildings they are responsible for and remediate and/or mitigate life-critical fire safety defects in those buildings, or repay the costs of the same. Failure to do so may attract building control and planning prohibitions which carry significant commercial","title":"The Building Safety (Responsible Actors Scheme and Prohibitions) (Amendment) Regulations 2026"},{"description":"An Act of the Scottish Parliament to make provision prohibiting the racing of greyhounds on","title":"Greyhound Racing (Offences) (Scotland) Act 2026","link":"http://www.legislation.gov.uk/id/asp/2026/15http://www.legislation.gov.uk/asp/2026/15/enactedhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.xmlhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.rdfhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.aknhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.xhthttp://www.legislation.gov.uk/asp/2026/15/enacted/data.htmlhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.htmhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.csvhttp://www.legislation.gov.uk/asp/2026/15/enacted/data.pdfhttp://www.legislation.gov.uk/asp/2026/15/contents/enacted","id":2884603},{"id":2884604,"link":"http://www.legislation.gov.uk/id/nisr/2026/88http://www.legislation.gov.uk/nisr/2026/88/madehttp://www.legislation.gov.uk/nisr/2026/88/made/data.xmlhttp://www.legislation.gov.uk/nisr/2026/88/made/data.rdfhttp://www.legislation.gov.uk/nisr/2026/88/made/data.aknhttp://www.legislation.gov.uk/nisr/2026/88/made/data.xhthttp://www.legislation.gov.uk/nisr/2026/88/made/data.htmlhttp://www.legislation.gov.uk/nisr/2026/88/made/data.htmhttp://www.legislation.gov.uk/nisr/2026/88/made/data.csvhttp://www.legislation.gov.uk/nisr/2026/88/made/data.pdfhttp://www.legislation.gov.uk/nisr/2026/88/contents/made","description":"These Regulations amend Part 3 of the Universal Credit, Personal Independence Payment, Jobseeker’s Allowance and Employment and Support Allowance (Decisions and Appeals) Regulations (Northern Ireland)","title":"The Universal Credit, Personal Independence Payment, Jobseeker’s Allowance and Employment and Support Allowance (Decisions and Appeals) (Amendment) Regulations(Northern Ireland) 2026"},{"title":"The Air Navigation (Restriction of Flying) (Helicopter Flight) (No. 5) Regulations 2026","id":2884605,"link":"http://www.legislation.gov.uk/id/uksi/2026/522http://www.legislation.gov.uk/uksi/2026/522/madehttp://www.legislation.gov.uk/uksi/2026/522/pdfs/uksi_20260522_en.pdfhttp://www.legislation.gov.uk/uksi/2026/522/contents/made"},{"title":"Réunion du Groupe de travail sur la médiation","description":"Le 12 mai 2026, le Groupe de travail sur la médiation familiale transfrontière dans le cadre du Processus de Malte (Groupe de travail sur la médiation) s'est réuni en ligne. Vingt-cinq participants étaient inscrits à cette réunion, représentant 13 Membres de la HCCH et un État contractant non membre observateur, ainsi que des membres du personnel du Bureau Permanent de la HCCH. Au cours de la réunion, les participants de divers ressorts juridiques ont partagé leurs expériences","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1151","id":2884566},{"description":"Le Bureau Permanent (BP) de la HCCH a le plaisir d'annoncer l'ouverture des inscriptions pour HCCH a|Bridged – Édition 2025, dédiée à la Convention Jugements de 2019. Depuis 2019, la série HCCH a|Bridged réunit des experts et parties prenantes du monde entier afin d'examiner les travaux de la HCCH dans le contexte plus large de l'innovation en matière du contentieux civil ou commercial transnational. Les éditions précédentes ont porté sur la Convention Notification de","title":"Ouverture des inscriptions à HCCH a|Bridged – Convention Jugements de 2019","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1111","id":2884565},{"title":"La République de Moldova adhère à la Convention Protection des enfants de 1996","description":"Le Bureau Permanent a été informé que la République de Moldova a déposé, le 11 mars 2025, son instrument d'adhésion à la Convention du 19 octobre 1996 concernant la compétence, la loi applicable, la reconnaissance, l'exécution et la coopération en matière de responsabilité parentale et de mesures de protection des enfants (Convention Protection des enfants de 1996). Avec l'adhésion de la République de Moldova, la Convention compte désormais 57 Parties contractantes. Elle entrera","id":2884563,"link":"https://www.hcch.net/fr/news-archive/details/?varevent=1057"},{"description":"Le 23 mars 2025, la Convention du 23 novembre 2007 sur le recouvrement international des aliments destinés aux enfants et à d'autres membres de la famille (Convention Recouvrement des aliments des 2007) est entrée en vigueur pour la République dominicaine suite au dépôt de son instrument d'adhésion le 21 mars 2024. À présent, 53 États et l'Union européenne sont liés par la Convention Recouvrement des aliments 2007. De plus amples informations sur cette Convention sont disponibles dans","title":"La Convention Recouvrement des aliments de 2007 entre en vigueur pour la République dominicaine","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1058","id":2884564},{"id":2883797,"link":"https://news.un.org/feed/view/fr/story/2026/05/1158832","description":"Alors que les prix du pétrole grimpent sur fond de tensions géopolitiques, un facteur souvent sous-estimé du changement climatique refait surface : la production de plastiques, fortement dépendante des énergies fossiles et responsable d’émissions croissantes de gaz à effet de","title":"Plastiques : la flambée du pétrole pourrait accélérer la transition"},{"description":"Operation Ruse Control: 6 tips if cars are up your alley lfair March 26, 2015 | 11:00AM Operation Ruse Control: 6 tips if cars are up your alley By Lesley Fair When it comes to car advertising, truth should be standard equipment. That’s the message of Operation Ruse Control, a coast-to-coast and cross-border sweep by the FTC and state, federal, and international law enforcers aimed at driving out deception in automobile ads, adds-ons, financing, and auto loan modification services. The FTC cases offer 6 tips to help keep your promotions in the proper lane. 1.    Avoid practices that turn add-ons into bad-ons.   Two of the FTC actions involve add-ons – extra products or services tacked on to the sale, lease, or financing of a car. Typical add-ons include extended warranties, guaranteed automobile protection (GAP) insurance, credit life insurance, undercoating, and the like. According to the FTC, California-based National Payment Network deceptively claimed in online ads and through a network of authorized dealers that car buyers who bought its biweekly payment program would save money. What consumers weren’t told was that the cost of the add-on often outstripped any savings. The FTC says that was a material fact that should have been disclosed upfront. In a related action, the FTC sued New Jersey dealerships Matt Blatt Inc. and Glassboro Imports LLC for pitching NPN’s deceptive add-ons and pocketing hefty commissions. To settle the case, NPN will provide consumers with $2.475 million in refunds and fee waivers. The dealerships will turn over an additional $184,000. 2.  Don’t low-ball your pitch.  Three of the Operation Ruse Control cases challenge allegedly deceptive advertising by auto dealers.  Some crossed the line by using headlines to tout bargain prices while failing to disclose – or failing to adequately disclose – the true cost of the deal. For example, ads for Cory Fairbanks Mazda of Longwood, Florida, pitched “used cars as low as $99.” But according to the FTC, $99 was just the minimum bid for cars offered at a liquidation sale and that didn’t include substantial mandatory fees. In a similar vein, the FTC says the dealership’s ads included photos of loaded cars without clearly explaining that some pictured features – like spoilers and sunroofs – weren’t included in the price. 3.   Steer clear of deceptive “zero sum” games.  Just as Seinfeld billed itself as a show about nothing, ads for Ross Nissan of El Monte focused on nothing, too – as in “$0 INITIAL PAYMENT, $0 DOWN PAYMENT, $0 DRIVE-OFF LEASE.”  The California company made the same claims in Spanish language ads. Other ads promised “$0 down*, 0% APR financing*, 0 payments*, and 0 problems.” Well, the FTC had a problem with – among other things – the deceptive use of “zero.” The dealership’s “$0 at lease inception” deal wasn’t applicable if consumers wanted the cars in the ads for the advertised monthly payment. What about “$0 down payment?” The FTC says people, in fact, had to pay a down payment to finance the vehicles for the monthly payment featured in the ads. And “0% APR?” The annual percentage rate for financing those cars for the advertised payment was way more than 0%. (The complaint against Cory Fairbanks Mazda made similar allegations about deceptive “zero” claims.)  The message for dealers:  Don’t lure customers in with misleading “zero” promises. 4.  If strings are attached, make them clear to consumers upfront.   That’s the message of the FTC’s settlement with Jim Burke Nissan in Birmingham, Alabama. According to the complaint, the dealership highlighted eye-catching prices without clearly explaining what the vehicle would really cost consumers. For example, in some cases, what appeared to be the full price was actually what people","title":"Operation Ruse Control: 6 tips if cars are up your alley","link":"https://www.ftc.gov/business-guidance/blog/2015/03/operation-ruse-control-6-tips-if-cars-are-your-alley","id":2883768},{"description":"Collection and protection wfg-adm109 January 11, 2012 | 11:53AM Collection and protection By Lesley Fair The terms of an FTC settlement apply just to that business, of course. But clued-in companies know there’s a lot that can be learned from someone else’s alleged misstep. The FTC’s law enforcement action against Upromise is no exception. According to the complaint, the college savings membership program introduced a toolbar that collected users’ personal information without adequately disclosing the extent of what was going on. Under the terms of the proposed order, Upromise will notify users about how to uninstall the toolbars already on their computers, will get users’ OK before installing or re-enabling any toolbars, and will clearly disclose its data collection practices in the future. The settlement also bars misrepresentations about the privacy and security of people’s personal info, and requires Upromise to implement a comprehensive information security program, including every-other-year independent security assessments for the next 20 years. What should this case and other recent law enforcement actions mean for your company? Know before it’s a go. Before turning the key, you need to know how many horses you’ve got under the hood. In the same way, before rolling out new technology — like a toolbar or an app — make sure you’re clear on what information it collects. Better still, build data security decision-making, verification, and monitoring into the design process. It’s usually easier to get it right from the outset than to reverse-engineer a fix days before delivery or in response to a security “oops.” Craft it carefully. Not too long ago marketers assumed the more info they gathered, the better — and if something was technologically feasible, full speed ahead. But the risk of a costly security breach or a troubling data glitch has taught savvy executives that that mindset is like sooooooo 20th Century . These days your policies should be the product of deliberate, well-rounded decision-making that carefully considers data security, information collection, disclosures to consumers, and other key factors. Do tell. Generally speaking, the law gives companies flexibility in fashioning their data collection programs. But the best practice is to tell users what you collect, communicate it in words regular people will understand, and honor your stated policy. Keep tabs on your service providers. According to the FTC’s complaint against Upromise, the company hired a service provider to develop the toolbar and personalized offers feature that raised data collection concerns. But under the FTC Act, companies may be liable for what others do on their behalf. As part of the soup-to-nuts info security program, the proposed order requires Upromise to take reasonable steps to “select and retain service providers capable of appropriately safeguarding personal information” and to include contract terms requiring service providers to “implement and maintain appropriate safeguards.” The order provision is legally binding only on Upromise, but it’s sound advice to consider next time you’re working with an outside","title":"Collection and protection","link":"https://www.ftc.gov/business-guidance/blog/2012/01/collection-protection","id":2883769},{"link":"https://www.ftc.gov/business-guidance/blog/2011/04/cleaning-ad-claims","id":2883770,"description":"Cleaning up ad claims wfg-adm109 April 18, 2011 | 1:55PM Cleaning up ad claims By Lesley Fair Science, studies, and statistics. There’s a reason advertisers feature them so prominently. When used accurately, they can be powerful tools for distinguishing your product from the competitors. But scientific claims — especially health-related ones — need solid proof. That was the cause of the recent legal dust-up between the FTC and Oreck Corporation involving the Oreck Halo vacuum and the Oreck ProShield Plus portable room air cleaner. The company touted the products as “flu fighters” that could “help stop the flu on virtually any surface and in the air in your home.” One infomercial claimed, “The Oreck Halo has killed up to 99.9 percent of bacteria exposed to its light in one second or less,” and that the vacuum’s light chamber “has been tested and shown to kill up to 99.9 percent of certain common germs, plus dangerous pathogens like E. Coli and MRSA.” According to the FTC’s complaint, the company’s ads represented that through normal use, the Halo and ProShield Plus would substantially reduce the risk of ailments caused by bacteria, viruses, molds, and allergens — like colds, flu, asthma, and allergy symptoms. In addition, said the FTC, the ads claimed the Halo would eliminate all or virtually all common germs and allergens found on floors and that the ProShield Plus would eliminate all or virtually all airborne particles from a typical room. The complaint also charged that Oreck claimed it had scientific tests to support what it was saying. Not so, alleged the FTC. According to the complaint, Oreck didn’t have adequate proof to back up its performance claims and that its “scientific tests prove” statements were false. The FTC also charged that by providing ads to its franchised stores for their use in marketing the vacuum and air cleaner, Oreck illegally provided distributors with “means and instrumentalities” in furtherance of the deceptive practices alleged in the complaint. To settle the FTC’s lawsuit, Oreck agreed — among other things — not to make claims that its vacuums and air cleaning products could prevent illnesses caused by bacteria, viruses, molds, or allergens unless it has competent and reliable scientific evidence. That same standard will apply to future claims about the health benefit of any other product. In addition, the proposed order requires Oreck to pay $750,000 in redress. What messages should marketers take from the Oreck settlement? Reliance on science.  Advertisers wouldn’t tout technical data if they didn’t think prospective buyers found it persuasive. That’s why companies that make objective claims about a product’s benefits need the appropriate level of substantiation to back up those promises. Living in the real world.   Laboratory studies can be a key part of substantiation, but it’s also important that clinical results translate into scientifically sound real-world benefits for consumers who use a product in an advertised day-to-day setting. Ways and “means”?  Does your company have franchisees, distributors, or others that sell your products? Under the law, your business can be liable for giving them the means for deceiving others. Heed the warnings.   Oreck was aware of ad concerns raised by the National Advertising Division of the Council of Better Business Bureaus. When well-respected self-regulatory groups like the NAD wave red flags, it’s wise to re-evaluate your representations. The cost of deception.   As this settlement and other recent actions demonstrate, in appropriate cases the FTC will seek financial remedies for violations of the law.","title":"Cleaning up ad claims"},{"title":"Courts and Tribunals Bill","description":"A Bill to Make provision in relation to criminal courts in England and Wales; to make provision about the leadership of tribunals; to amend section 1 of the Children Act 1989 to remove the presumption relating to the involvement of parents in the life of a child; and for connected","link":"https://bills.parliament.uk/bills/4083","id":2883713},{"title":"High Speed Rail (Crewe - Manchester) Bill","description":"A Bill to make provision for a railway between a junction with Phase 2a of High Speed 2 south of Crewe in Cheshire and Manchester Piccadilly Station; for a railway between Hoo Green in Cheshire and a junction with the West Coast Main Line at Bamfurlong, south of Wigan; and for connected","link":"https://bills.parliament.uk/bills/3094","id":2883714},{"link":"https://bills.parliament.uk/bills/4125","id":2883715,"description":"A Bill to make provision for the protection of purchasers and users of air transport and airport services; to make provision about airspace change, air traffic and air navigation services and airport slots and schedules; to confer power on the Civil Aviation Authority to make rules; to make provision about aviation offences; and for connected","title":"Civil Aviation (Consumer Protection and Regulatory Reform) Bill [HL]"},{"title":"Social Housing Bill [HL]","description":"A Bill to make provision about social","link":"https://bills.parliament.uk/bills/4126","id":2883716},{"title":"Health Bill","description":"A Bill to make provision about health and social","link":"https://bills.parliament.uk/bills/4124","id":2883707},{"id":2883708,"link":"https://bills.parliament.uk/bills/4123","title":"Steel Industry (Nationalisation) Bill","description":"A Bill to make provision enabling the Secretary of State in certain circumstances to make regulations relating to the transfer of securities issued by, or property, rights and liabilities of, a steel undertaking; and for connected"},{"id":2883709,"link":"https://bills.parliament.uk/bills/4035","title":"Cyber Security and Resilience (Network and Information Systems) Bill","description":"A Bill to Make provision, including provision amending the Network and Information Systems Regulations 2018, about the security and resilience of network and information systems used or relied on in connection with the carrying on of essential"},{"title":"Northern Ireland Troubles Bill","description":"A Bill to make new provision to address the legacy of the Northern Ireland","id":2883710,"link":"https://bills.parliament.uk/bills/4022"},{"description":"A Bill to continue the Armed Forces Act 2006; to amend that Act and other enactments relating to the armed forces; to make provision about the reserve forces; to make provision about visiting forces; to make provision about the Ministry of Defence Police; to make provision about the defence functions of the Oil and Pipelines Agency; to make provision about the protection of military remains; and for connected","title":"Armed Forces Bill","id":2883711,"link":"https://bills.parliament.uk/bills/4065"},{"title":"Sporting Events Bill [HL]","description":"A Bill to make provision for enabling a common set of legislative provisions to be applied to major sporting events held in the United Kingdom; to confer power to provide financial assistance in relation to sporting events held in England, Scotland or Northern Ireland; and for connected","link":"https://bills.parliament.uk/bills/4127","id":2883712},{"description":"Le Bureau Permanent a été informé que le Royaume de Bahreïn a déposé, le 13 mars 2025, ses instruments d'adhésion à la Convention du 18 mars 1970 sur l'obtention des preuves à l'étranger en matière civile ou commerciale (Convention Preuves de 1970) et à la Convention du 30 juin 2005 sur les accords d'élection de for (Convention Élection de for de 2005). Avec l'adhésion de Bahreïn, la Convention Preuves de 1970 compte désormais 67 Parties contractantes. Elle entrera en","title":"Bahreïn adhère aux Conventions Preuves de 1970 et Élection de for de 2005","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1053","id":2883677},{"title":"Atelier régional sur l'adoption internationale : Partage d'expériences sur la bonne mise en œuvre de la Convention Adoption de 1993 en Asie","description":"Du 11 au 13 mars 2025, l'Atelier régional sur l'adoption internationale : Partage d'expériences sur la bonne mise en œuvre de la Convention Adoption de 1993 en Asie (atelier régional) s'est tenu à Manille (Philippines). Il a attiré 72 participants représentant huit Parties contractantes à la Convention Adoption de 1993, deux Parties non contractantes, une organisation intergouvernementale et une organisation non gouvernementale, ainsi que des membres du Bureau Permanent (BP) de la HCCH.   L'atelier régional a permis","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1054","id":2883678},{"id":2883679,"link":"https://www.hcch.net/fr/news-archive/details/?varevent=1055","description":"Le 19 mars 2025, le Groupe de travail (GT) chargé de finaliser le Profil d'État et de préparer le projet de Formulaire modèle recommandé de demande de coopération dans le cadre de la Convention Protection des enfants de 1996 a tenu sa sixième réunion en ligne, dans les locaux du Bureau Permanent (BP) à La Haye. La réunion a été suivie par 21 délégués représentant 12 Membres de la HCCH, ainsi que par des membres du BP. Au cours de la réunion, les participants","title":"Sixième réunion du Groupe de travail chargé de finaliser le Profil d’État et de préparer le projet de Formulaire modèle recommandé de demande de coopération dans le cadre de la Convention Protection des enfants de 1996"},{"id":2882967,"link":"https://www.uemoa.int/actualites/le-commissaire-jonas-gbian-recu-par-le-ministre-detat-ministre-de-ladministration","title":"Le Commissaire Jonas Gbian reçu par le Ministre d’Etat, Ministre de l’Administration Territoriale et de la Mobilité du Burkina Faso","description":"- mer, 05/13/2026 -"},{"link":"https://news.un.org/feed/view/fr/story/2026/05/1158830","id":2882965,"description":"Le plastique recyclé dans les emballages alimentaires séduit pour réduire les déchets, mais menace notre assiette. Alors que snacks, plats préparés, confiserie et boissons en bouteille inondent nos rayons, la FAO appelle à des normes mondiales strictes pour protéger la santé, prolonger la conservation des aliments et limiter l’impact","title":"Plastiques recyclés : la FAO réclame des normes sur les emballages alimentaires"},{"description":"Painting the town green wfg-adm109 October 25, 2012 | 12:27PM Painting the town green By Lesley Fair The biggest decision facing a DIYer in the paint store used to be whether Dusting of Snow or Wistful Beige was right for the dining room.  But nowadays more businesses are making express claims about their products, including purported environmental benefits.  Two of the nation’s leading paint companies — The Sherwin-Williams Company and PPG Architectural Finishes, Inc. — advertised that some of their paints were free of volatile organic compounds (VOCs). First, a little VOC-ational education about paint.  Some VOCs (carbon-containing compounds that evaporate at room temperature) can be harmful to human health and to the environment.  Many interior wall paints contain significant levels of VOCs, so it’s not surprising that companies have introduced paints advertised as free of VOCs.  The “zero VOCs” claim for Sherwin-Williams' Dutch Boy Refresh and PPG's Pure Performance were on product labels, on point-of-purchase displays, online, and in the media.  The companies also disseminated them through promotional materials provided to independent distributors and retailers. But the FTC says the companies colored the truth about the level of VOCs in the paint people bought.  According to the complaint, while the “zero VOCs” representation may have been accurate for the uncolored base, buyers generally get tinted paint, which may contain significant levels of VOCs. Therefore, the FTC charged that the companies’ “zero VOCs” claims were false.  The complaint also alleges that Sherwin-Williams and PPG gave distributors and retailers the “means and instrumentalities” to disseminate misleading claims, in violation of the FTC Act. To settle the charges, the companies have agreed not to make deceptive claims in the future.  (Read the Sherwin-WIlliams pleadings and PPG pleadings for the specifics.)  If they say expressly or by implication that the VOC level of a paint is zero, they’ll need sound science to prove that it contains no VOCs — or no more than a trace level.  The definition of “trace level” comes from the FTC's revised Green Guides : that VOCs haven’t been intentionally added to the product, that the presence of VOCs at that level doesn’t cause material harm to health or to the environment typically associated with VOCs, and the VOC level isn’t higher than what’s found in background levels in ambient air. The order gives the companies two other options.  If after tinting, the VOC level is below a certain specified level, the companies can clearly and prominently disclose that the claim applies only to the base paint and that the actual VOC level may increase, depending on the color choice.  A third option:  They can clearly and prominently disclose that the claim applies on to the base paint and that the VOC level may increase “significantly” or “up to [ insert:  the highest possible VOC level after tinting],” depending on the color choice.  The order also bans unsubstantiated environmental benefit claims for any covered product. In response to the FTC's lawsuit, the companies also agreed to send letters to their dealers and distributors, directing them to stop using ads and marketing materials making the “no VOCs” or “zero VOCs” claims challenged in the complaint.  Sherwin-Williams and PPG also will direct dealers and distributors to sticker over those claims on paint cans.  What’s the take-away for businesses?  First, view claims from your customers’ perspective.  Put another way, what really matters to people shopping for paint?  The VOC levels in the base or in the paint that was actually going on the walls of their homes?  Second, if you haven’t had a chance to take a look at the revised Green Guides ,","title":"Painting the town green","id":2882928,"link":"https://www.ftc.gov/business-guidance/blog/2012/10/painting-town-green"},{"title":"Collection deception","description":"Collection deception wfg-adm109 May 31, 2012 | 10:35AM Collection deception By Lesley Fair On classic episodes of the Tonight Show, affable sidekick Ed McMahon sought guidance from Johnny Carson's all-knowing Carnac character.  But as demonstrated by a recent FTC law enforcement action — which involved a company's misleading reference to the late Mr. McMahon — you don't need a psychic to know that challenging deceptive debt collection practices remains a top priority. According to the complaint, defendants Luebke Baker & Associates, CEO Kevin Luebke, and other corporate managers used illegal tactics to collect a variety of debts, including magazine subscription debts, many of which they knew or should have known weren't valid.  Some of the magazine debts traced back more than a decade to a company the FTC had successfully sued for deceptive marketing.  Despite the fact that the defendants had been notified of a 2003 federal court order that placed special restrictions on anyone attempting to collect payments related to that seller, the FTC alleged the defendants ignored those requirements and repeatedly told people the debts were due and payable. The defendants' \"rebuttal sheet\" — attached as an exhibit to the FTC's court papers — offers insights into just how far the defendants went to try to collect debts.  For example, when people refused to pay, the defendants directed their representatives to illegally threaten to contact their employers:   \"I am trying to help you out.  I definitely don't want be the bad guy but our client sent over your employment information and I would like to handle this with you on a voluntary basis before we have to get your employer involved.  Blah blah if getting nowhere.\" If the consumer still balked at paying, the defendants read off the person's work address and threatened to get law enforcers involved:  \"A sheriff will deliver a summons to either your place of employment or your home.  It depends on what we instruct the peace officer.\" If people exercised their right to ask for documentation for the alleged debt, the defendants really turned up the heat: \"Typically when someone requests proof and it's clear to us that this is their bill, you may possibly receive your requested credit card itemization stapled to a summons to appear in court.\"   In addition, the FTC says they falsely told people that magazine subscription debts are exempt from the statute of limitations and illegally threatened to garnish wages and take other actions with no intention of following through. So how did Ed McMahon's name enter into the story?  According to the FTC, the defendants tried to hide their identity by sending untruthful Caller ID information — for example, by falsely posing as prize pitchman McMahon.  But the illegalities didn't end there.  The FTC says that in addition to violating the Fair Debt Collection Practices Act and Section 5 of the FTC Act, the defendants marketed a \"credit repair\" CD in violation of the Telemarketing Sale Rule, which makes it illegal for companies to charge up-front fees for credit repair goods and services.  (Note to self:  A debt collection outfit charged with FDCPA violation?  Perhaps not the best source for information about \"repairing\" credit.) The defendants entered into a settlement that bans illegal tactics in the future.  The order doesn't just apply to the corporate defendant and the CEO.  Also named individually are the Director of Operations, the General Manager, and a Collection Manager.  In addition, the settlement imposes monetary judgments against the defendants totaling $3.1 million — including a $420,000 judgment against Kevin Luebke's wife, Julissa Luebke.  Most of the judgments are suspended due to the defendants' inability to pay, but if it's later determined they gave false financial information,","id":2882929,"link":"https://www.ftc.gov/business-guidance/blog/2012/05/collection-deception"},{"link":"https://www.ftc.gov/business-guidance/blog/2011/12/science-reliance-compliance","id":2882930,"title":"Science, reliance, and compliance","description":"Science, reliance, and compliance wfg-adm109 December 15, 2011 | 8:52PM Science, reliance, and compliance By Lesley Fair The FTC v. Lane Labs story started with shark cartilage and the latest chapter involves a contempt ruling from a federal judge. If the FTC’s advertising substantiation doctrine is relevant to your company or your clients — and it should be — you’ll want to keep tabs on the case. The FTC’s original action challenged allegedly deceptive anti-cancer claims for two products: BeneFin , a shark cartilage supplement, and SkinAnswer , a skin cream. In addition to a $1 million redress order, Section III of the settlement required the defendants to have competent and reliable scientific evidence to substantiate future health claims. Section IV barred misrepresentations about “the existence, contents, validity, results, conclusions, or interpretations of any test, study or research.” In 2007, the FTC filed civil contempt charges, alleging that the defendants had violated the order. The complaint challenged claims for AdvaCal , a calcium supplement touted as vastly superior to competing calcium products and prescription drugs used to treat osteoporosis, and Fertil Male, a plant derivative advertised to improve fertility. The trial court denied the FTC’s contempt motion, ruling that Lane Labs had “acted in accordance with the spirit” of the order by consulting experts “who opined that the research supporting the product and the product itself were good.” But even if Lane Labs had violated the order, the trial court held that the company was entitled to a defense of substantial compliance, noting that it had undertaken “considerable effort” to comply. On appeal, the United States Court of Appeals for the Third Circuit vacated the trial court’s ruling that the defendants had substantially complied and remanded the case for additional findings. The Court’s discussion of Lane Labs’ superiority claim should be of particular interest to marketers. According to the Court, the company president had sent a pitch letter to the editor of a newsletter describing AdvaCal as “a revolutionary calcium supplement . . . that has been clinically shown to actually build postmenopausal bone density, without the side effects of hormonal drugs or supplements.” The newsletter published an article praising AdvaCal , saying that it “works as well or better than [leading prescription drugs], and without the substantial side effects and risks.” However, as the Third Circuit observed, AdvaCal “has never undergone scientific testing for comparison with any prescription drug.” At trial, the defendants argued that the representation wasn’t theirs and they had no control over the content in the newsletter. The Third Circuit was unconvinced, stating “This assertion was, quite simply, more than a stretch.” It noted that the company had paid for the right to distribute the article and did so “extensively” in direct mail packets and in-store displays. “In short,” the Court held, “the Lane defendants adopted [the newsletter’s] characterization by aggressively promoting the newsletter’s content. They cannot run from the representation now that its veracity has been subjected to the spotlight.” Because the trial court didn’t expressly address the superiority claim or Lane Labs’ use of the article to promote AdvaCal , it was unclear to the Third Circuit “whether the Court found substantiation for the claim or whether it accepted Lane Labs’ attempt to absolve itself from propagating the representation.” In either event, ruled the appellate court, “there is no dispute that the comparability/superiority claim was unsupported by competent or reliable scientific evidence and, by their own admission, the Lane defendants used this claim to market AdvaCal ,” in violation of Section III of the order. As to other ad"},{"title":"Shining a light on misleading claims in auto ads","description":"Shining a light on misleading claims in auto ads lfair November 24, 2015 | 1:15PM Shining a light on misleading claims in auto ads By Lesley Fair People usually think of beacons as radiant lights that attract attention. But the FTC has charged that two Ohio auto dealers (among other things) used the word in a way that kept consumers in the dark. Ads for Progressive Chevrolet Company and Progressive Motors prominently claimed “Sign & Drive Leases ZERO DOWN!!!!!!” and “ALL LEASES ARE Zip, Zero, Zilch – Nothing Down!” By our count, the companies featured one of those “z” words a total of 31 times in the ad. In addition, each picture of a vehicle was accompanied by an eye-catching cost per month. Now to shed some light on the lawsuit’s “beacon” concern. In small print at the very bottom of the ad, it said “Subject to 800 beacon score or higher.” In that context, the “beacon” in question was actually “BEACON,” one type of industry-specific credit score upon which auto financers rely. But do consumers know their BEACON score? Do they even know what a BEACON score is? We can tell you this much. Fewer than 20% of consumers have a BEACON score of 800 or higher, the minimum required to qualify for those advertised payments and “zero” deals. The complaint alleges that Progressive Chevrolet and Progressive Motors violated the FTC Act by representing expressly or by implication that consumers could lease the advertised autos for the down payment and monthly payment prominently featured in the ad. According to the FTC, the companies didn’t adequately disclose that few people would qualify. The FTC also charged that the dealers violated the Consumer Leasing Act and Reg M by stating a monthly payment amount – a term that triggers certain disclosures – without providing the additional information required by law.  To settle the case, the companies have agreed not to misrepresent the cost of leasing or financing. In addition to mandating Consumer Leasing Act and Reg M compliance, the proposed order prohibits any material misrepresentation about the price, sale, financing or leasing of a vehicle. The companies are also barred from advertising a payment amount, or that any or no initial payment is required, without clearly disclosing that the transaction is a lease, the total amount due at consummation or delivery, the number of payments and their amounts and timing, whether a security deposit is required, and that there may be an extra charge at the end of the lease where the consumer’s liability (if any) is based on the difference between the vehicle’s residual value and its value at the end of the lease. What about those sweet deals that only a select few can actually get? In the future, if the companies choose to advertise a monthly payment, periodic payment, down payment, or length of any payment term, they also have to clearly disclose all restrictions or qualifications on a person’s ability to get the advertised deal. If the ad states that consumers must meet a certain credit score to qualify for the offer and a majority of consumers aren’t likely to meet that score, the ad must clearly and conspicuously disclose that fact. What’s the takeaway for other dealers? Clearly and conspicuously disclose material qualifications or limitations on an advertised deal. (Fineprint footnotes aren’t likely to meet that standard.) Furthermore, you’re probably safe with “zebra” and “zombie,” but exercise caution before using “zero” or one of those other “z” words without clearly explaining up front the strings that may be attached. Refer to the Business Center’s Automobiles page for compliance resources.","link":"https://www.ftc.gov/business-guidance/blog/2015/11/shining-light-misleading-claims-auto-ads","id":2882931},{"description":"Billions back to consumers for VW’s false “clean diesel” claims lfair June 28, 2016 | 9:33AM Billions back to consumers for VW’s false “clean diesel” claims By Lesley Fair The FTC just announced a partial settlement with Volkswagen Group of America that will return as much as $10 billion to owners and lessees of VW and Audi 2.0 liter diesel cars. As the largest false advertising case in FTC history, it’s a record-breaking win for consumers – and it’s in keeping with the law-breaking nature of the deception the FTC alleged in its lawsuit against VW. “Clean diesel” was the focus of Volkswagen’s massive marketing campaign pitching its vehicles as an attractive option for environmentally-conscious car buyers. But according to the FTC , VW scored those emissions numbers by installing in each car a “defeat device” that cheated on testing. In a related partial settlement with the U.S. Department of Justice and California Attorney General, Volkswagen will spend an another $4.7 billion to mitigate pollution and invest in the increased use of zero-emissions cars. That portion of the case stems from charges by the U.S. Environmental Protection Agency and the California Air Resources Board (CARB) that Volkswagen violated the Clean Air Act and the California Health and Safety Code. What will owners and lessees of affected VWs and Audis get under the settlement? They’ll have their choice of: a buyback or early lease termination that factors in an additional cash payment; or if approved by the EPA and CARB, a modification to their car to improve emissions and a cash payment. (Some former owners and lessees may be eligible for a cash payment, too.)  Right now, consumers can use these charts to estimate how much they’ll get: Options for Owners Options for Lessees These factors also affect compensation: Passat and A3 Mileage Adjustments Beetle and Jetta Mileage Adjustments Golf Mileage Adjustments Regional Chart Owners and lessees should visit VWCourtSettlement.com , enter their Vehicle Identification Number (VIN) to see if their car qualifies, and bookmark the site for updates. After the settlements are approved by the Court, Volkswagen and the attorneys representing owners and lessees will mail eligible consumers an information packet. The exact dollar amount of each buyback will depend on things like the model, year, style, mileage, and options – but consumers will be offered more than the current value of the car to compensate them for VW’s false advertising. Those who opt for a modification will also get a compensation payment. If you have clients who own affected cars, they don’t have to make a decision now. But they should watch their mail for a large envelope and visit VWCourtSettlement.com regularly for updates. Consumers also can call 844-98-CLAIM. With settlements totaling in the multi-billions, it’s hard to imagine that a case could convey a more important big-picture message for advertisers, but we think there is one: Companies owe consumers the truth. The FTC will use the legal tools at its disposal – and will work cooperatively with federal and state agencies and those representing individual consumers – to see that advertisers live up to that obligation.","title":"Billions back to consumers for VW’s false “clean diesel” claims","id":2882932,"link":"https://www.ftc.gov/business-guidance/blog/2016/06/billions-back-consumers-vws-false-clean-diesel-claims"},{"id":2882933,"link":"https://www.ftc.gov/business-guidance/blog/2017/07/start-security-stick-it","description":"Start with security – and stick with it lfair July 28, 2017 | 11:30AM Start with security – and stick with it By Thomas B. Pahl, Acting Director, FTC Bureau of Consumer Protection When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies. The FTC’s Start with Security initiative was built on those fundamentals. As we mentioned in last week’s introductory post , we’re calling this series Stick with Security because each blog post will offer a deeper dive into one of the ten principles discussed in Start with Security . Although the principles remain unchanged, we’ll use these posts – one every Friday for the next several months – to explore the lessons of law enforcement actions announced since Start with Security , to reflect on what businesses can learn from investigations that FTC staff ultimately closed, and to address experiences businesses have shared with us about how they implement Start with Security in their workplaces. Don’t collect personal information you don’t need. It’s a simple proposition: If you don’t ask for sensitive data in the first place, you won’t have to take steps to protect it. Of course, there will be data you must maintain, but the old habit of collecting confidential information “just because” doesn’t hold water in the cyber era. There’s another advantage of collecting only what you need. A lean subset of confidential data is easier to protect than massive amounts of sensitive information stockpiled on networks and in file cabinets throughout your company. Businesses that sensibly limit what they collect have already reduced their security risks and streamlined their compliance procedures. Example: A local garden center introduces a frequent buyer program. The application asks customers for a substantial amount of personal information, including Social Security numbers, and the garden center maintains the applications in its files. Because the store has no business reason to collect customers’ Social Security numbers, it’s taking an unnecessary risk by asking for that information in the first place and exacerbating that risk by keeping customers’ applications on file. Example: A bakery sends customers a coupon for a free birthday muffin. Rather than maintaining a record of all customers’ dates of birth – information that could be combined with other data and used for unauthorized purposes – the bakery directs its cashiers to add only the customer’s name, email address, and birth month to the database. Although there are legitimate reasons why other businesses might need to retain a customer’s date of birth, the exact day, month, and year isn’t necessary for the bakery’s birthday promotion. Example: A tire shop experiences a breach involving information about its 7000 customers. The data includes customers’ names, loyalty numbers for the shop, and the date of their last tire rotation. FTC staff decides not to pursue a law enforcement action because, among other factors, the company had made the sound decision not to collect sensitive information unnecessarily and had taken reasonable steps to secure its network in light of the limited information it maintained. Hold onto information only as long as you have a legitimate business need. Movie fans will remember the last scene of “Raiders of the Lost Ark” – a football field-sized warehouse stacked to the vaulted ceiling with everyday items piled alongside priceless treasures. That’s how data thieves view some businesses’ haphazard method for maintaining their networks and files. Security-conscious companies make it a practice to review the data in their possession","title":"Start with security – and stick with it"},{"description":"Online sellers: How the INFORM Consumers Act could impact your business lfair August 18, 2023 | 12:43PM Online sellers: How the INFORM Consumers Act could impact your business By Lesley Fair The INFORM Consumers Act took effect on June 27, 2023. The FTC has issued staff guidance for online marketplaces and now we have advice for online sellers whose businesses may be affected by the new law. Congress passed the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act – or the INFORM Consumers Act – to make online transactions more transparent. The law requires “online marketplaces” to collect, verify, and disclose certain information about “high-volume third party sellers.” Informing Businesses about the INFORM Consumers Act explains more about how the law defines those terms, discusses what’s required of online marketplaces, and outlines the substantial penalties the FTC and state law enforcers may seek if online marketplaces violate the law. A new FTC publication, What Third Party Sellers Need to Know About the INFORM Consumers Act , looks at the statute from the perspective of businesses that sell via online platforms – for example, what sellers are impacted, what you can expect online platforms to require of you, and what information platforms must disclose about you to consumers. It also answers some questions you may have about the law. Have you spotted a violation of the INFORM Consumers Act? Report it to the FTC.  We have a dedicated link where you can let us know about possible INFORM Consumers Act violations.   Image        ","title":"Online sellers: How the INFORM Consumers Act could impact your business","id":2882924,"link":"https://www.ftc.gov/business-guidance/blog/2023/08/online-sellers-how-inform-consumers-act-could-impact-your-business"},{"id":2882925,"link":"https://www.ftc.gov/business-guidance/blog/2022/04/ftc-charges-battery-maker-first-case-under-made-usa-labeling-rule","title":"FTC charges battery maker in first case under Made in USA Labeling Rule","description":"FTC charges battery maker in first case under Made in USA Labeling Rule lfair April 12, 2022 | 2:15PM FTC charges battery maker in first case under Made in USA Labeling Rule By Lesley Fair For people who prefer to buy Made in USA merchandise, products from Lithionics Battery LLC seemed like an attractive option. According to the FTC, Lithionics and General Manager Steven Tartaglia used phrases and American flag images to convey a Made in USA marketing message for their battery, battery module, and battery management system products. But don’t wave Old Glory just yet. As the FTC’s first action under the new Made in USA Labeling Rule alleges, the lithium ion cells Lithionics used were actually made in China. The proposed settlement includes a civil penalty of $105,319.56 and requires changes in how the company makes Made in USA claims.      Image Lithionics sells battery products for recreational vehicles, marine applications, and similar uses. The defendants labeled their merchandise with an image of the flag image surrounded by the words “Made in U.S.A.” Sometimes they added the phrase “Proudly Designed and Built in USA.” The defendants doubled down on those representations on the Lithionics website, in mail order catalogs, and in social media. For example, the complaint cites YouTube videos featuring Tartaglia and company employees putting Made in USA labels on Lithionics products. Other marketing materials featured a chart comparing the “advantage[s] of Lithionics battery systems” to what are described as “imports.”     Image Under the Made in USA Labeling Rule , marketers are prohibited from labeling products as “Made in USA” unless all or virtually all ingredients or components are made and sourced in the United States. What’s more, the final assembly or processing – and all significant processing that goes into the product – must occur in the US.   But according to the FTC, Lithionics battery and battery module products incorporated Chinese-made lithium ion cells, and Lithionics battery management systems included significant imported components. That’s why the FTC says the defendants’ “Made in USA” claims were deceptive.   The complaint , which names both Lithionics and Tartaglia, alleges violations of the Made in USA Rule and Section 5 of the FTC Act. In addition to a civil penalty of $105,319.56 authorized under the new Rule, the proposed settlement includes injunctive provisions that will change how the defendants do business going forward. For example, the order prohibits them from making unqualified U.S.-origin claims unless they have proof that the product’s final assembly or processing – and all significant processing – takes place in the US and that all or virtually all ingredients or components are made and sourced here.   The order further requires that any qualified Made in USA claims include clear disclosures about the extent to which the product contains foreign parts, ingredients, or components, or involved foreign processing. Finally, if the defendants convey that a product is assembled in the United States, they must ensure it was last substantially transformed in the US, its principal assembly took place here, and US assembly operations are substantial.   If your company makes Made in USA claims, the case offers two important compliance notes.   Review the Rule to keep your representations red, white, and true. If you make Made in USA claims, do they comport with the Made in USA Labeling Rule ? The new civil penalty remedy can make non-compliance costly. If necessary, take care to qualify your claims. If you make Made in USA"},{"id":2882926,"link":"https://www.ftc.gov/business-guidance/blog/2014/03/default-lines-how-ftc-says-credit-karma-fandango-sslighted-security-settings","description":"Default lines: How the FTC says Credit Karma and Fandango SSLighted security settings wfg-adm109 March 28, 2014 | 9:35AM Default lines: How the FTC says Credit Karma and Fandango SSLighted security settings By Lesley Fair Imagine a burly doorman at an exclusive party.  When someone claims to be a guest, the doorman checks their invitation and runs it against the names on the list.  If it doesn’t match up, the person won’t make it through the velvet rope.  But what happens if the doorman isn’t doing his job?  His lapse could allow a ringer into the party to scarf up the hors d’oeuvres and steal the valuables.  It’s not a perfect analogy, of course, but the FTC’s settlements with credit information company Credit Karma and movie ticket site Fandango demonstrate the dangers when companies override the default settings of operating systems designed to authenticate and secure the connections used to transmit sensitive information. Here’s how things work after a consumer has downloaded an app onto a device.  Think of Secure Sockets Layer (SSL), the industry-standard protocol to establish encrypted connections, as the doorman.  When an online service wants to connect to an app, the service presents an SSL certificate to vouch for its identity.  Once the app validates the certificate, the online service is allowed through the velvet rope and establishes an encrypted connection to the device so the consumer can send information.  This one-two punch of validation through an SSL certificate and encryption creates a safer way for people to transmit sensitive data. But fraudsters have been known to use spoofing techniques to mount what are called man-in-the-middle attacks.  If the app doesn’t check the SSL certificate, an attacker can use an invalid certificate to get their foot in the door and establish a connection to intercept information sent between the app and the online service.  Neither the person using the app nor the online service realizes what’s going on. Securing the transmission of personal information against threats like man-in-the-middle attacks is so important that the iOS and Android operating systems provide developers with easy-to-use application programming interfaces – APIs – to implement SSL.  By default, these APIs automatically validate SSL certificates and reject the connection if the certificate is invalid. The developer documentation for both the iOS and Android operating systems uses particularly strong language to warn against disabling those default validation settings.  According to the iOS documentation, failing to validate SSL certificates “eliminates any benefit you might otherwise have gotten from using a secure connection.  The resulting connection is no safer than sending the request via unencrypted HTTP because it provides no protection from spoofing by a fake server.”  The Android documentation doesn’t mince words either:  An app that doesn’t validate SSL certificates “might as well not be encrypting communication, because anyone can attack users at a public Wi-Fi hot spot . . . [and] the attacker can then record passwords and personal data.” According to the FTC, Credit Karma and Fandango ignored those “Don’t go there” warnings.  While developing its iOS app, which lets consumers get their credit scores and monitor other financial data, Credit Karma authorized a service provider to use code that disabled SSL certificate validation for the purpose of testing.  But the FTC says Credit Karma let the app go to market without turning the default settings back on.  So between July 18, 2012, and around January 1, 2013, the company’s iOS app was vulnerable to man-in-the-middle attacks, putting users’ Social Security numbers, dates of birth, and credit report data at risk. How did CreditKarma find out about the problem?  According to the FTC, not through its own in-house","title":"Default lines: How the FTC says Credit Karma and Fandango SSLighted security settings"},{"title":"4 tips businesses can take from the FTC’s $19+ million Google settlement","description":"4 tips businesses can take from the FTC’s $19+ million Google settlement wfg-adm109 September 4, 2014 | 12:39PM 4 tips businesses can take from the FTC’s $19+ million Google settlement By Lesley Fair The polar bears and penguins sold within kids’ apps offered in the Google Play Store may have been virtual, but the unauthorized charges Moms and Dads got stuck with were all too real.  A proposed FTC settlement will refund at least $19 million to parents whose accounts were charged illegally, according to the complaint, and will implement enforceable changes in how Google handles in-app purchases.  Of course, the order applies just to Google, but the case offers compliance tips for anyone in the app industry.  How do your practices measure up? Many of the kids’ apps available from Google – even some of the free ones – offer in-app purchases.  At a per-click cost that ranges from 99 cents to $200, they don’t come cheap.  According to the FTC , when Google first introduced in-app charges in 2011, the company didn’t require a password or other method to get the account holder’s authorization.  Kids could incur in-app charges billable to their parents simply by clicking on popups within the app – as Moms and Dads found out when they checked their statements and learned that all those clicks had resulted in hefty unauthorized charges. Sometime in 2012, Google changed its procedures and started to present a popup that asked for the account holder’s password before purchase.  But the FTC says Google’s purported “fix” didn’t solve the problem – and actually introduced confusing new wrinkles.  For example, the new popup just asked the account holder to type in their password and click CONFIRM, but never mentioned anything about charging for an in-app purchase.  But it gets worse:  Google didn’t tell people that entering a password opened a 30-minute window where kids could rack up unlimited charges without Mom or Dad’s approval.  In effect, how Google chose to design its payment system created a half-hour shopping spree for kids, with parents obligated to pay the piper.  In this case, the piper was Google, which pocketed about 30% for every app sold in its store. This isn’t the FTC’s first salvo against unauthorized in-app charges in kids’ apps.  In January, it was a $32.5 million settlement with Apple that requires the company to get the account holder’s express, informed consent.  In July, the FTC sued Amazon.com , also seeking full refunds for consumers and an order requiring informed consent for in-app charges.  (That case is pending in federal court in Seattle.) For members of the app industry interested in keeping their practices within the law, what tips can they take from the Google settlement ? 1)  Get consumers’ express consent before billing them.   It’s hardly a novel concept, but it bears repeating:  It’s illegal to place charges on consumers’ accounts without their permission.  That was the law before the advent of mobile apps and we’ll go out on a limb and say the same principle will apply to The Next New Thing.  Regardless of what you sell or how you sell it, get people’s informed OK before billing them. 2)  Read – and heed – your mail.   According to the complaint, Google started to get flak from consumers almost as soon as it introduced in-app purchases in kids’ apps.  The FTC’s complaint cites just a few of the thousands of communications from parents that should have made it crystal-clear to Google that it had a problem on its hands.  What’s the message for marketers?  One insightful – and free – gauge of what’s going on in the marketplace is what your customers are telling you. 3)  Listen to your staff.   It wasn’t just parents who expressed concerns.  In","link":"https://www.ftc.gov/business-guidance/blog/2014/09/4-tips-businesses-can-take-ftcs-19-million-google-settlement","id":2882927},{"title":"The Air Navigation (Restriction of Flying) (Gatcombe Park) (Restricted Area EGR1U083) Regulations 2026","id":2882781,"link":"http://www.legislation.gov.uk/id/uksi/2026/504http://www.legislation.gov.uk/uksi/2026/504/madehttp://www.legislation.gov.uk/uksi/2026/504/pdfs/uksi_20260504_en.pdfhttp://www.legislation.gov.uk/uksi/2026/504/contents/made"},{"title":"The Air Navigation (Restriction of Flying) (Husbands Bosworth) (Restricted Area EGR2U063) Regulations 2026","link":"http://www.legislation.gov.uk/id/uksi/2026/505http://www.legislation.gov.uk/uksi/2026/505/madehttp://www.legislation.gov.uk/uksi/2026/505/pdfs/uksi_20260505_en.pdfhttp://www.legislation.gov.uk/uksi/2026/505/contents/made","id":2882782},{"link":"http://www.legislation.gov.uk/id/uksi/2026/506http://www.legislation.gov.uk/uksi/2026/506/madehttp://www.legislation.gov.uk/uksi/2026/506/pdfs/uksi_20260506_en.pdfhttp://www.legislation.gov.uk/uksi/2026/506/contents/made","id":2882783,"title":"The Air Navigation (Restriction of Flying) (Almondsbury) (Restricted Area EGR1U081) Regulations 2026"},{"title":"The Air Navigation (Restriction of Flying) (Lippitt’s Hill) (Restricted Area EGR1U082) Regulations 2026","id":2882784,"link":"http://www.legislation.gov.uk/id/uksi/2026/507http://www.legislation.gov.uk/uksi/2026/507/madehttp://www.legislation.gov.uk/uksi/2026/507/pdfs/uksi_20260507_en.pdfhttp://www.legislation.gov.uk/uksi/2026/507/contents/made"},{"id":2882785,"link":"http://www.legislation.gov.uk/id/ssi/2026/189http://www.legislation.gov.uk/ssi/2026/189/madehttp://www.legislation.gov.uk/ssi/2026/189/pdfs/ssi_20260189_en.pdfhttp://www.legislation.gov.uk/ssi/2026/189/contents/made","title":"The M77/A77 Trunk Road (Girvan) (Temporary Prohibitions of Traffic and Temporary 10mph Speed Restriction) (No. 2) Order 2026"},{"title":"English Devolution and Community Empowerment Act 2026","description":"An Act to make provision about combined authorities, combined county authorities, the Greater London Authority, local authorities, police and crime commissioners and fire and rescue authorities, local audit and terms in business tenancies about","id":2882777,"link":"http://www.legislation.gov.uk/id/ukpga/2026/23http://www.legislation.gov.uk/ukpga/2026/23/enactedhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.xmlhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.rdfhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.aknhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.xhthttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.htmlhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.htmhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.csvhttp://www.legislation.gov.uk/ukpga/2026/23/enacted/data.pdfhttp://www.legislation.gov.uk/ukpga/2026/23/contents/enacted"},{"id":2882778,"link":"http://www.legislation.gov.uk/id/asp/2026/14http://www.legislation.gov.uk/asp/2026/14/enactedhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.xmlhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.rdfhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.aknhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.xhthttp://www.legislation.gov.uk/asp/2026/14/enacted/data.htmlhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.htmhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.csvhttp://www.legislation.gov.uk/asp/2026/14/enacted/data.pdfhttp://www.legislation.gov.uk/asp/2026/14/contents/enacted","description":"An Act of the Scottish Parliament to make provision imposing a tax (to be known as the Scottish building safety levy) charged in relation to a step in the building control process following the construction of, or conversion works creating, certain new buildings, the proceeds of which are payable to the Scottish Ministers towards meeting any building safety","title":"Building Safety Levy (Scotland) Act 2026"},{"id":2882779,"link":"http://www.legislation.gov.uk/id/uksi/2026/498http://www.legislation.gov.uk/uksi/2026/498/madehttp://www.legislation.gov.uk/uksi/2026/498/made/data.xmlhttp://www.legislation.gov.uk/uksi/2026/498/made/data.rdfhttp://www.legislation.gov.uk/uksi/2026/498/made/data.aknhttp://www.legislation.gov.uk/uksi/2026/498/made/data.xhthttp://www.legislation.gov.uk/uksi/2026/498/made/data.htmlhttp://www.legislation.gov.uk/uksi/2026/498/made/data.htmhttp://www.legislation.gov.uk/uksi/2026/498/made/data.csvhttp://www.legislation.gov.uk/uksi/2026/498/made/data.pdfhttp://www.legislation.gov.uk/uksi/2026/498/contents/made","title":"The Skills and Post-16 Education Act 2022 (Commencement No. 1) Regulations 2026","description":"These are the fourth commencement regulations made under the Skills and Post-16 Education Act 2022 (c. 21) (“the 2022"},{"link":"http://www.legislation.gov.uk/id/uksi/2026/503http://www.legislation.gov.uk/uksi/2026/503/madehttp://www.legislation.gov.uk/uksi/2026/503/pdfs/uksi_20260503_en.pdfhttp://www.legislation.gov.uk/uksi/2026/503/contents/made","id":2882780,"title":"The Air Navigation (Restriction of Flying) (Carr Gate) (Restricted Area EGR3U053) Regulations 2026"},{"link":"https://www.hcch.net/fr/news-archive/details/?varevent=1050","id":2882674,"description":"Le 5 mars 2025, le Conseil sur les affaires générales et la politique (CAGP) de la HCCH a accueilli la République du Rwanda en tant que nouveau Membre de l'Organisation. Il a également été témoin de la présentation de la demande d'admission en tant que Membre de la République du Guatemala, de la signature de la Convention du 30 juin 2005 sur les accords d'élection de for (Convention Élection de for de 2005) par la République du Costa Rica, et de la ratification par","title":"CAGP de 2025 : nouveaux Membres, nouvelles ratifications et signatures"},{"link":"https://www.hcch.net/fr/news-archive/details/?varevent=1051","id":2882675,"title":"CAGP de 2025 – Conclusions et Décisions désormais disponibles !","description":"Le Conseil sur les affaires générales et la politique (CAGP) s'est réuni du 4 au 7 mars 2025. La réunion a rassemblé plus de 491 participants, représentant 75 Membres de la HCCH, quatre États non membres, cinq organisations intergouvernementales, neuf organisations non gouvernementales internationales, ainsi que des membres du Bureau Permanent (BP). Les Conclusions et Décisions adoptées par le CAGP sont désormais disponibles en anglais, en français et en espagnol. Le CAGP"},{"title":"Publication du Rapport annuel de la HCCH de 2024","description":"Le Bureau Permanent a le plaisir d'annoncer la publication du Rapport annuel 2024 de la HCCH. Au cours de l'année écoulée, la HCCH a poursuivi l'avancement de ses travaux législatifs et la promotion du bon fonctionnement de ses Conventions. Elle a organisé avec succès des réunions de deux Groupes d'experts, huit Groupes de travail et une Commission spéciale sur le fonctionnement pratique des Conventions Notification de 1965, Preuves de 1970, et Accès à la justice de 1980. Parmi les autres","link":"https://www.hcch.net/fr/news-archive/details/?varevent=1049","id":2882673},{"description":"At a meeting of the Committee on Rules of Origin (CRO) on 11-12 May, WTO members advanced work on transparency and notification practices, discussed the future direction of work on preferential rules of origin for least-developed countries (LDCs), and participated in an information session on the links between trade facilitation and rules of origin. The meeting was chaired by Ms Carol Tsang of Hong Kong,","title":"Members advance transparency work in rules of origin, explore trade facilitation links","link":"https://www.wto.org/english/news_e/news26_e/roi_11may26_388_e.htm","id":2881918},{"link":"https://www.ftc.gov/business-guidance/blog/2020/02/ftc-challenges-online-trading-academys-money-making-claims","id":2881813,"title":"FTC challenges Online Trading Academy’s money-making claims","description":"FTC challenges Online Trading Academy’s money-making claims lfair February 12, 2020 | 4:35PM FTC challenges Online Trading Academy’s money-making claims By Lesley Fair Ads for health products often target Boomer Consumers, but those aren’t the only claims pitched to people looking toward retirement. An FTC action alleges a company called Online Trading Academy has taken in more than $370 million by gearing its deceptive representations to that demographic. In addition, the complaint alleges violations of the Consumer Review Fairness Act. According to the FTC, the California-based operation, related companies, and three individual defendants advertise a “patented strategy” that consumers can apply “to any asset class including stocks, options, futures and currencies” to rake in big money. They claim their “training programs” – with price tags as high as $50,000 – will teach consumers how to “invest like the pros on Wall Street.” ”No matter your experience and goals,” people were told the defendants’ “proven” strategy was “designed to make money in any market, whether it’s going up or down.” The complaint recounts the process the defendants use to attract consumers through TV and radio ads, online promotions, and direct mail. First comes an in-person “preview” seminar. Next, people pay $299 for a three-day “orientation.” That’s where the defendants urge attendees to sign up for seminars costing thousands more. The defendants assign each attendee an “Education Counselor” – a/k/a salesperson working on commission – who follows up by phone or email. According to the complaint, the defendants train their Education Counselors not to “look like, act like or sound like, a traditional salesperson,” but instead to take on a “role” and lead consumers through “The Pain Funnel,” Q&A designed to overcome consumer qualms. To get people to sign up for more seminars, the defendants routinely offer to finance all or part of the cost with loans at 18%, with the promise to forgive the interest if the consumer pays the total off within six months. The FTC says that in some instances, the defendants lead buyers to believe they’ll be able to repay the loan quickly with money they’ll make using that “patented strategy.” So how much does Online Trading Academy say consumers will earn? A central theme of their pitch is “You don’t have to work on Wall Street to make money like Wall Street.” Infomercials feature purchasers claiming that “in three hours I made $12,000” or “I made $32,000 in less than seven trading days.” In a YouTube video, a retiree says he made “$40,000 in a single trade.” In addition, a speaker at a live event claimed consumers “could potentially make $50,000 of annual income with an account size as low as $5,000” because Online Trading Academy has “a patent on the fact that you can time the markets,” which “gives us the ability to know when to get in and when to get out, long-term and short-term.” Other speakers – including some of the named defendants – paint a picture of lavish lifestyles filled with international travel, a “super luxury car” every year, and homes in areas where kids have “live-in nannies, cooks, gardeners.” One speaker said the money he made using Online Trading Academy’s strategy allows him to live in an enclave so exclusive that a neighbor, a renowned Olympic gold medalist, taught his daughter to swim. But the facts paint a different picture. The FTC alleges the defendants don’t systematically collect data sufficient to substantiate their earnings claims. But even the evidence they do have gave them good reason to know their representations are deceptive. For starters, according to the FTC, the defendants know that few consumers who"},{"title":"When third-party service providers are party to sensitive data","description":"When third-party service providers are party to sensitive data lfair November 12, 2019 | 12:02PM When third-party service providers are party to sensitive data By Lesley Fair Entrepreneurs wear a lot of hats. In addition to marketing their products, they’re responsible for operational functions like inventory, ordering, and the protection of customer data. Rather than managing all that millinery, some businesses turn to third-party service providers to run things behind the scenes. But what steps are those companies taking to secure the confidential consumer information in their possession? That’s one issue raised by the FTC’s proposed settlement with Utah-based InfoTrax Systems . InfoTrax provides operations systems and online distributor tools for the direct sales industry. Multi-level marketers contract with InfoTrax to run their web portals. Through those portals, people register with MLMs as distributors, sign up new distributors, and place orders for themselves and for the consumers who buy from them. Those transactions involve large amounts of sensitive data – full names, credit and debit cards with expiration dates and three-digit CVV numbers, bank account data, Social Security numbers, user IDs and passwords, etc. Let’s be clear: We’re not talking about a name here or an account number there. By September 2016, InfoTrax stored personal information from approximately 11.8 million consumers. But according to the complaint, InfoTrax engaged in a series of data fails that created vulnerabilities on its network, weaknesses that allowed unauthorized access to confidential consumer information. Among other things, the FTC alleges that: InfoTrax failed to perform adequate code review and penetration testing to assess cyber risks; InfoTrax failed to take precautions to detect malicious file uploads; InfoTrax failed to adequately limit where on its network third parties could upload unknown files; InfoTrax failed to adequately segment its network to ensure that one client’s distributors couldn’t access another client’s data; InfoTrax failed to implement safeguards to detect suspicious activity – for example, the company didn’t have an effective intrusion detection system to spot questionable queries; didn’t use file integrity monitoring tools to determine when files had been altered, and didn’t regularly monitor for unauthorized attempts to transfer sensitive data from its network; InfoTrax stored confidential information, including Social Security numbers, credit and debit card numbers, user IDs, and passwords in clear, readable text; and InfoTrax didn’t have a systematic process for deleting consumers’ personal information it no longer had a business need to keep on its network. What happened as a result of those failures shouldn’t come as a surprise. According to the complaint, sometime in 2014 an intruder exploited security vulnerabilities on InfoTrax’s server and a client’s website to upload malicious code that gave the intruder remote access to data on InfoTrax’s network – something that was done a total of 17 times in a two-year period, all without InfoTrax spotting the problem. You’ll want to read the complaint for details, but the FTC alleges the intruder used multiple means to make off with highly sensitive financial information about InfoTrax’s clients and end consumers. Finally, on March 7, 2016, almost two years after the data thefts began, InfoTrax got an inkling of the multiple breaches. The tip-off came in the form of an alert that one of its servers had reached its maximum capacity, a warning the company received only because an intruder had created a data archive so massive that the disk ran out of space. The FTC says that only then did the company take steps to remove the intruder from its network. But even so, the intruder continued to grab data from InfoTrax’s server for a few more weeks. The complaint alleges that InfoTrax’s failure to employ reasonable data","link":"https://www.ftc.gov/business-guidance/blog/2019/11/when-third-party-service-providers-are-party-sensitive-data","id":2881814},{"title":"Stick with Security: Require secure passwords and authentication","description":"Stick with Security: Require secure passwords and authentication lfair August 11, 2017 | 10:47AM Stick with Security: Require secure passwords and authentication By Thomas B. Pahl, Acting Director, FTC Bureau of Consumer Protection To make it harder for hackers to bluff their way onto a computer network, careful companies follow the advice of Start with Security and require strong authentication practices . We’ve considered FTC settlements, closed investigations, and the questions we get from businesses about implementing good authentication “hygiene.” Here are some tips on using effective authentication procedures to help safeguard your network. Insist on long, complex, and unique passwords. A password’s very reason for being is to be easy for a user to remember, but hard for a fraudster to figure out. Obvious choices like ABCABC, 121212, or qwerty are the digital equivalent of a “hack me” sign. Furthermore, experts have determined that passphrases or longer passwords are generally harder to crack. The smarter strategy is for companies to think through their standards, implement minimum requirements, and educate users about how to create stronger passwords. Also, when you install software, applications, or hardware on your network, computers, or devices, change the default password immediately. And if you design products that require consumers to use a password, configure the initial set-up so they have to change the default password. Example: A staff member attempts to select payroll as the password for the database that includes employee payroll information. The company sets up its system to reject an obvious choice like that. Example: To access the corporate network, a business allows employees to type in their username and a shared password common to everyone who works there. Employees are also allowed to use that shared password to access other services on the system, some of which contain sensitive personal information. The more prudent policy would be to require strong, unique passwords for each employee and to insist that they use different passwords to access different applications. Example: At a staff meeting, a company’s IT manager offers tips for employees about good password hygiene. She explains that passphrases or longer passwords are better than short passwords based on standard dictionary words or well-known information (for example, a child’s name, a pet, a birthday, or a favorite sports team). By establishing a more secure corporate password standard and educating employees about implementing it, the IT manager is taking a step to help her company reduce the risk of unauthorized access. Store passwords securely. A company’s first line of defense against data thieves is a workforce trained to keep passwords secret. But even the strongest password is ineffective if an employee writes it on a sticky note on her desk or shares it with someone else. Train your staff not to disclose passwords in response to phone calls or emails, including ones that may appear to be coming from a colleague. Con artists have been known to impersonate corporate officials by spoofing phone numbers or email addresses. A compromised password poses a particular risk if it can be used to open the door to even more sensitive information – for example, a database of other user credentials maintained on the network in plain, readable text. Make it difficult for data thieves to turn a lucky password guess into a catastrophic breach of your company’s most sensitive data by implementing policies and procedures to store credentials securely. Example: A new employee gets a call from someone who claims to be the company’s system administrator. The caller asks him to verify his network password. Because the new staffer learned about impersonation scams at an in-house security orientation, he refuses to disclose his password and instead reports the incident to the appropriate person in the company. Example: A company keeps user credentials and other passwords in plain","id":2881808,"link":"https://www.ftc.gov/business-guidance/blog/2017/08/stick-security-require-secure-passwords-authentication"}]