Skip to main content
You are here: News

News

The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.

Array

FTC Settlements Stop Debt Collection Scheme

Defendants falsely threatened consumers with arrest for not paying debts

The operators of an illegal debt collection scheme have agreed to be permanently banned from the debt collection business in order to settle FTC charges that they falsely threatened to have people arrested if their debts were not paid.

The defendants, Gregory MacKinnon, Angela Burdorf, Vantage Point Services LLC and Payment Management Solutions, and Joseph Ciffa and Bonified Payment Solutions Inc., falsely claimed consumers would spend up to 120 days in jail or pay thousands of dollars in bail, according to a complaint filed by the FTC and the New York Attorney General’s Office.

According to the complaint, the defendants also failed to provide information about their identities during phone calls, or information about the supposed debt within five days of a call, as required by law, and illegally added unauthorized amounts to consumer’s debts.

The settlement orders also prohibit these defendants from misrepresenting material facts about financial-related products and services, profiting from customers’ personal information collected as part of the challenged practices, and failing to dispose of such information properly.

The orders impose a judgment of $22.5 million against Gregory MacKinnon, Vantage Point Services LLC, Joseph Ciffa and Bonified Payment Solutions, Inc. The orders impose a judgment of $4.4 million against Angela Burdorf and Payment Management Solutions Inc. The judgment against Ciffa and Bonified Payment Solutions will be suspended due to their inability to pay. The full judgment against Ciffa and Bonified Payment Solutions will become due immediately if they are found to have misrepresented their financial condition.

The Commission vote approving the proposed stipulated order against Gregory MacKinnon, Angela Burdorf, Vantage Point Services and Payment Management Solutions was 5-0. The Commission vote approving the proposed stipulated order against Ciffa and Bonified Payment Solutions was 5-0. The U.S. District Court for the Western District of New York entered the orders on September 17, 2018, and July 16, 2018, respectively.

NOTE: Stipulated final orders have the force of law when approved and signed by the District Court judge.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
21 Sep 2018, 10:00pm AEST

Starting Today, New Federal Law Allows Consumers to Place Free Credit Freezes And Yearlong Fraud Alerts

Starting today, consumers who are concerned about identity theft or data breaches can freeze their credit and place one-year fraud alerts for free.

Under the new Economic Growth, Regulatory Relief, and Consumer Protection Act, consumers in some states – those who previously had to pay fees to freeze their credit – will no longer have to do so.

A credit freeze, also known as a security freeze, restricts access to a consumer’s credit file, making it harder for identity thieves to open new accounts in the consumer’s name. The new law also allows parents to freeze for free the credit of their children who are under 16, while guardians, conservators, and those with a valid power of attorney can get a free freeze for their dependents.

In addition, the new law extends the duration of a fraud alert on a consumer’s credit report from 90 days to one year. A fraud alert requires businesses that check a consumer’s credit to get the consumer’s approval before opening a new account.

As part of its work to implement the new law, the Federal Trade Commission has updated its IdentityTheft.gov website with credit bureau contact information, making it easier for consumers to take advantage of the new provisions outlined in the law.

To place a credit freeze on their accounts, consumers will need to contact all three nationwide credit bureaus: Equifax, Experian, and TransUnion. Whether consumers ask for a freeze online or by phone, the credit bureau must put the freeze in place within one business day. When consumers request to lift the freeze by phone or online, the credit bureaus must take that action within one hour. (If consumers make these requests by mail, the agency must place or lift the freeze within three business days.)

To place a fraud alert, consumers need only contact one of the three credit bureaus, which will notify the other two bureaus.

Credit freezes and fraud alerts are two important steps consumers can take to help prevent identity theft. Identity theft was the second biggest category of consumer complaints reported to the FTC in 2017 -- making up nearly 14 percent of all the consumer complaints filed last year. Consumers who believe they have been the victim of identity theft can report it and receive a personalized recovery plan at IdentityTheft.gov.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.


Federal Trade Commission, United States
Source: Press Release Feed
21 Sep 2018, 10:00pm AEST

Privacy in the news (14-20 September 2018)

Welcome to our weekly roundup of privacy stories in the news media.

Fitbit data tells story of murder victim

After Fitbit data helped tell the story of murder victim Kim Richmond, questions are being raised over who should be allowed access to the data collected by everyday devices. Read more here.

CERT NZ receives record number of cybersecurity reports

736 cybersecurity incidents were reported to CERT NZ from April to June this year – the highest amount ever for a single quarter. The financial losses that occurred as a result of the breaches totalled $2.22 million dollars. Read more here.

Netsafe drops harm complaint by scientist

Netsafe has declined to pursue a complaint made by entrepreneur Sir Ray Avery under the Harmful Digital Communications Act, which alleged Newsroom stories about his products amounted to digital harm and harassment. Read more here.

Concerns over use of algorithms to predict risk of child abuse

A series of letters published in The Guardian discusses the use of algorithms to predict the risk of child abuse, with one writer raising concerns that stereotypes could become “entrenched and legitimised when incorporated into technology”. Read more here.

Equifax fined for security breach

Credit reference agency Equifax has been fined £500,000 by the UK’s Information Commissioner’s Office, after a 2017 cyber-attack compromised the personal information of 146 million customers globally. Read more here.

Amazon investigating employee data leaks

Amazon is investigating claims its employees are leaking confidential information in exchange for bribes from merchants. Read more here.

Mother angry after child filmed having tantrum

An Auckland mother is calling for stricter privacy laws after her three-year-old son was filmed by a stranger while having a tantrum on the footpath. Read more here

Magazine loses appeal over Kate Middleton topless photos

French celebrity magazine Closer has lost an appeal against fines imposed for publishing photographs of the Duchess of Cambridge sunbathing topless. Read more here.

Image credit: Fork-tailed gull via James J Audubon's Birds of America.

 

 

 

 

Office of the Privacy Commissioner, New Zealand
Source: Blog
21 Sep 2018, 12:16pm AEST

FTC Brings First-ever Action Targeting “iV Cocktail” Therapy Marketer

Order settling complaint bars Texas-based firm and owner from making unsupported claims that iV cocktails can treat serious diseases and produce fast, long-lasting results

The Federal Trade Commission today, for the first time, charged a marketer and seller of intravenously injected therapy products (iV Cocktails) with making a range of deceptive and unsupported health claims about their ability to treat serious diseases such as cancer, multiple sclerosis, and congestive heart failure.

The proposed FTC order settling the claims prohibits the company, which operates a string of clinics in north Texas; New Braunfels, Texas; and Vail, Colorado, and its owner from making such claims, unless they can be supported by competent and reliable scientific evidence.

The iV Cocktails, which were advertised as an alternative to traditional medical therapy, are actually a simple mix of water, vitamins, minerals, and herbs injected directly into the bloodstream for between $100 and $250 per “treatment.” Such therapy, sometimes referred to as “Intravenous Micro-Nutrient Therapy,” “Intravenous Vitamin Therapy,” and “Hydration Therapy,” has recently seen an increase in popularity throughout the country.

“This enforcement action should send a clear message to the burgeoning iV therapy industry and sellers of all healthcare products,” said Joe Simons, Chairman of the Federal Trade Commission. “Health claims must be supported by competent and reliable scientific evidence.”

What the FTC Did to Protect Consumers

According to the FTC’s complaint, A & O Enterprises Inc., doing business as iV Bars Incorporated and iVBars, and its owner and operator Aaron K. Roberts deceptively advertised, promoted, and sold a line of iV Cocktails, including one called the Myers Cocktail, to consumers seeking alternative treatments for major diseases. In marketing its products online, the iV Bars respondents (iV Bars) allegedly made a range of unsupported health and efficacy claims for the treatments.

Beginning in mid-2015, iV Bars used its website and social media to advertise a variety of iV Cocktails to consumers, designed to be administered directly into the bloodstream, typically through a vein in the arm. Each iV Cocktail costs $100 or more per session.

iV Bars claimed the iV Cocktails could treat serious diseases including cancer, congestive heart failure, multiple sclerosis, diabetes, fibromyalgia, and neurodegenerative disorders. iV Bars also claimed that their iV Cocktails produced fast, lasting results, and in many instances, were more effective and better-tolerated than conventional medical therapies.

The complaint alleges that iV Bars’ health treatment and efficacy claims either were false or not supported by competent and reliable scientific evidence. It also alleges that iV Bars made false establishment claims that iV Cocktails were clinically or scientifically proven to provide the health benefits advertised.

What the Settlement Means

The proposed settlement order, which is subject to public comment, prohibits iV Bars from making the false or unsubstantiated claims that its iV Cocktails: 1) are an effective treatment for any of the diseases included in the complaint; 2) produce fast, lasting results; or 3) cure, mitigate, or treat any diseases, unless the claim is supported by competent and reliable scientific evidence. The order also prohibits iV Bars from making any express or implied health, safety, or efficacy claims unless they are not misleading and are supported by scientific evidence.

In connection with the advertising, marketing, promotion, or sale of any covered product, the order prohibits iV Bars from misrepresenting that it has had medical professionals test or approve the product, or that it has a research facility. The order also prohibits iV Bars from misrepresenting the existence or conclusions of any scientific evidence, or that a product, including iV Cocktails, is scientifically or clinically proven to produce any benefit.

Finally, the order requires iV Bars to preserve any underlying scientific data and documents used to support health claims made for any product.

Notice to Consumers About the Myers Cocktail

In addition to agreeing to the terms of the proposed order, on September 4, 2018, iV Bars emailed a notice to consumers who bought the Myers Cocktail before the FTC-challenged health claims were eliminated from the company’s advertising.

The notice, signed by respondent Roberts, makes clear to consumers that:

  • Contrary to the company’s marketing materials, studies have not shown that the Myers Cocktail is an effective treatment for any disease, including nine specific diseases, ranging from cancer to multiple sclerosis and diabetes;
  • Consumers should consult a doctor or other healthcare provider before using any alternative disease treatments;
  • Consumers should talk with their doctor or healthcare provider before stopping any prescribed treatments; and
  • It is important for consumers to talk with their healthcare provider to ensure all aspects of their medical treatment work well together.

The Commission vote to issue the administrative complaint and to accept the consent agreement was 5-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly.

The agreement will be subject to public comment for 30 days, beginning today and continuing through October 22, 2018, after which the Commission will decide whether to make the proposed consent agreement final. Interested parties can submit comments electronically by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $41,484.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
20 Sep 2018, 10:00pm AEST

Canada’s access to information and privacy guardians call for privacy regulation and oversight of political parties

In a joint resolution, Canada’s Information and Privacy Ombudspersons and Commissioners have called on governments to pass legislation requiring political parties to comply with globally recognized privacy principles, to provide Canadians with access to the personal information they hold about them, and to provide for independent oversight to verify and enforce privacy compliance.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
18 Sep 2018, 6:00am AEST

Privacy in the news (7-13 September 2018)

Welcome to our weekly roundup of privacy stories in the news media.

Privacy Commissioner warns against alarmist claims

The Privacy Commissioner is warning against people making alarmist comments that could undermine confidence in the health system. Four IT companies had raised concerns up to 800,000 Aucklanders may have had their privacy breached as their medical records were copied to a new electronic database. Read more here.

Domain Name Commission wins first step in data protection case

New Zealand’s Domain Name Commission has won the first step in a lawsuit against a US company, DomainTools, in a ruling that temporarily ends the company’s ability to harvest .nz domain holders’ personal information and sell it for profit. Read more here.

Crown appeals Dotcom privacy win

The Crown has appealed a decision ruling Kim Dotcom's privacy was breached when his 52 urgent information requests were declined because they were “vexatious”. Read more here.

New Zealand business affected by invoice scams

New Zealand businesses are experiencing a spike in invoice scams, where scammers gain access to their email accounts and advise customers of new bank account details. This article from CERT NZ explains what to look for.

Algorithms pose challenges for government agencies

An article by Chief Data Steward Liz MacPherson discusses the challenges that come with the use of computer algorithms, and the unintended consequences that could arise as a result of their use. Read more here.

California to replace cash bail with algorithms

Cash bail in the US state of California will next year be replaced with an algorithmic system for those accused of crimes in California. Concerns have been raised about the potential for the algorithms to be biased. Read more here.

EU proposes fining groups that misuse voter data

The European Union is proposing fines for groups that misuse voter data to influence elections, in an effort to avoid a repeat of the Facebook Cambridge Analytical scandal in 2016. Read more here.

Google appeals order to extend right to be forgotten

Google is appealing an order to expand the European Union’s right to be forgotten rule to its search engine globally. Critics say it could be “transformed into a tool of global censorship”. Read more here.

Hackers intercept British Airways transactions

“Sophisticated and malicious” hackers intercepted 380,000 British Airways transactions and obtained customers’ names, addresses, credit card details and emails. Read more here.

Image credit: American crow via John J Audubon's Birds of America.

Office of the Privacy Commissioner, New Zealand
Source: Blog
14 Sep 2018, 9:48am AEST

Singapore Meets Hong Kong on Data Privacy Protection and Collaboration

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
13 Sep 2018, 10:00am AEST

Genealogy surprises are not always welcome

Genealogy is apparently the second most popular hobby in the United States, after gardening. In New Zealand, we’ve also seen a growing interest in tracing one’s ancestry. It has become a much discussed topic in online forums and the news media. Some of this boom has been driven by the ease with which people can submit the DNA information to find matches via genealogical websites such as Ancestry.com.

Biological father

Earlier this year, we received an enquiry from a man whose sister had submitted DNA to Ancestry.com. His sister subsequently discovered that she had a ‘close relative’ that no one in the family knew about. The sister made contact with this person who explained they were the product of a sperm donation. It was then a short step for the sister and her family to conclude that our enquirer must have been the donor and was the biological father of the ‘close relative’.

The enquirer told us the fact he had been a sperm donor was a private matter that he was very upset to have been uncovered by his sister. When he gave sperm in the 1980s, he had been told by the health agency he would be doing it anonymously and it would not be traceable.

Our enquirer felt it was an important issue that could affect others like him and he sought our help because Ancestry.com had not sought his consent in disclosing the existence of the close relative to his sister.

Privacy impact

We contacted Ancestry.com to ask how it dealt with such situations. We were interested to know what policies it had in place which addressed the potential impact on the privacy of third parties (in this case, our enquirer).

Ancestry.com told us the service was committed to the policy that customers should always maintain ownership and control over their own data. Many people took the Ancestry DNA test with the specific intention of finding out new facts about themselves, and this included finding the existence of previously unknown relatives.

In acknowledging any unintended consequences, in its privacy statement, Ancestry.com said: “You may discover unexpected facts about yourself or your family when using our services. Once discoveries are made, we can’t undo them”.

Ancestry.com provided customers with privacy resources so they would be making informed decisions when choosing to submit their DNA. Customers had to decide whether their DNA matches would be shared with other customers. If they did opt in, their DNA code would be viewable by other customers who had themselves similarly opted-in.

Therefore, our enquirer had been unlucky to have his privacy impacted because both his sister and the close relative had chosen to make their DNA information viewable enabling a match to be made. They were then able to share further information with each other. Our enquirer realised he could not change the circumstances of his situation but if possible he did want to prevent any possibility of it happening again.

Personal affairs

But we were unable to assist further. The Privacy Act regulates personal information and how agencies collect, use, disclose, and store that information. Section 56 of the Act says that the obligations in these principles do not apply to the actions of individuals acting in their own personal capacity, or in relation to their “personal, family, or household affairs”.

We noted the significant impact on our enquirer which resulted in information about him becoming known to his family. But this was not the result of the actions of Ancestry.com, it was the result of the actions of his sister and the relative. To prevent it happening again, the sister could agree to change her privacy settings so her DNA information was no longer viewable by others or she could request Ancestry.com delete her information (a facility which the service provides).

While the Privacy Act is not a guide on what individuals in these circumstances can and can’t do, it’s important to do your homework and be aware of the possible privacy implications for others when you put your DNA on a searchable database like Ancestry.com. Some family members might not be quite as enthusiastic as you about your new hobby.

For further reading, the Ancestry.com privacy statement can be found here. You can also find out more in these articles here and here.

This article was first published by NZ Doctor on 12 September 2018.

Image credit: Man DNA Spiral by NeuPaddy (Creative Commons Licence)

Office of the Privacy Commissioner, New Zealand
Source: Blog
12 Sep 2018, 11:58am AEST

Response to Media Enquiry on Personal Data Transfer to Mainland Organisations / Authorities When Using Wi-Fi Service at West Kowloon Station (Chinese version only

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
11 Sep 2018, 10:00am AEST

Reduce Cyberbullying by Nurturing Culture of “Protect, Respect Personal Data” Privacy Commissioner Delivers Panel Presentation at HKU Faculty of Law Symposium on Tackling Cyberbullying

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
4 Sep 2018, 10:00am AEST

The OAIC welcomes the appointment of Angelene Falk as Australian Information Commissioner and Privacy Commissioner

The OAIC welcomes the Attorney-General’s announcement of the appointment of Angelene Falk as Australian Information Commissioner and Privacy Commissioner for a three year term.

Office of the Australian Information Commissioner
Source: News - OAIC
17 Aug 2018, 2:45am AEST

Commissioner launches privacy awareness lesson plans for grades 6-12

When students and teachers head back to school, their backpacks will include more than the usual paper, pencils, and pens. They’ll also be filled with the latest electronic devices.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
15 Aug 2018, 6:00am AEST

Public disclosures of City of Nanaimo documents not authorized by FIPPA

Information and Privacy Commissioner Michael McEvoy published a reporting letter today concerning the public disclosure of four City of Nanaimo documents containing personal information.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
3 Aug 2018, 6:00am AEST

Notifiable Data Breaches second Quarterly report released

The Office of the Australian Information Commissioner (OAIC) has received 242 notifications under the Notifiable Data Breaches (NDB) scheme in the period 1 April to 30 June 2018, according to the second quarterly statistical report on data breach notifications received under the scheme, released today. This is the first full quarter of operation of the NDB scheme since it commenced on 22 February 2018.

Office of the Australian Information Commissioner
Source: News - OAIC
30 Jul 2018, 2:21pm AEST

My Health Record opt-out period has commenced

On 10 August 2018, the Minister for Health announced that the opt-out period would be extended until 15 November 2018. This news item has been amended to reflect that.

From today until 15 November 2018, you have the choice to advise the Australian Digital Health Agency (ADHA) if you do not want a My Health Record to be automatically created for you.

Office of the Australian Information Commissioner
Source: News - OAIC
16 Jul 2018, 12:11am AEST