Abiding by privacy standards is a big deal, even if those standards are voluntary. Twelve businesses, some that handle sensitive personal data about health and employment, were found to falsely claim they abided by international privacy frameworks.
The U.S.-EU Safe Harbor Framework enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law. The FTC said the complaint doesn’t mean the companies actually inappropriately shared consumer’s personal information.
The companies, including three NFL teams — the Denver Broncos, Tennessee Titans and Atlanta Flacons — did not comply with the voluntary programs, which are administered by the U.S. Department of Commerce in consultation with the European Commission and Switzerland. To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement.
Companies involved in the complaint are:
- Apperian, Inc. – a company specializing in mobile applications for business enterprises and security;
- Atlanta Falcons Football Club, LLC;
- Baker Tilly Virchow Krause, LLP – an accounting firm;
- BitTorrent, Inc. – a provider of peer-to-peer file sharing protocol;
- Charles River Laboratories International, Inc. – a global developer of early-stage drug discovery processes;
- DataMotion, Inc. – a provider of platform for encrypted email and secure file transport;
- DDC Laboratories, Inc. – a DNA testing lab and the world’s largest paternity testing company;
- Level 3 Communications, LLC – one of the six largest ISPs in the world;
- PDB Sports, Ltd., d/b/a Denver Broncos Football Club;
- Reynolds Consumer Products Inc. – maker of foil and other consumer products;
- Receivable Management Services Corporation – a global provider of accounts receivable, third-party recovery, bankruptcy and other services;
- Tennessee Football, Inc. – Tennessee Titans
To settle the complaint the companies agreed to no longer misrepresent the extend of their participation in any privacy or data security program sponsored by the government.