On March 17, the Federal Trade Commission ("FTC") announced a civil penalty against a membership reward service, Upromise, for failing to disclose the extent of its data collection practices. Despite a 2012 order requiring the company to make clear and prominent disclosures, the FTC alleged that the company failed to make appropriate disclosures or to obtain the necessary assessments certifying protection of consumer data. As part of the new order, the company must pay $500,000 and implement the remedial measures prescribed in the 2012 order.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.