FTC’s Brill Urges Companies to Proactively Implement Data Safeguards
FTC Commissioner Julie Brill urged online companies to implement “reasonable security safeguards,” better transparency, and “important privacy principles” or face FTC scrutiny. The warning came in a Thursday speech to the National Cybersecurity Alliance. An FTC spokeswoman told us separately that the commission plans to release its final privacy report “in the next few weeks.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Brill said she and her colleagues are all “on board in support of legislation that would require companies to implement reasonable data security policies and procedures and … provide notification to consumers when there is a security breach.” Brill said that as a Zappos customer she recently had to change her online passwords after hackers breached the e-tailer’s network and accessed 24 million accounts. The intrusion, which was revealed last week, affected the website’s internal network and exposed customer information including names, shipping addresses, email addresses, phone numbers and passwords.
Brill urged online data brokers to implement better transparency in their business and provide consumers with more information about what is being done with their personal information. “I am calling on data brokers to … develop a user-friendly one-stop shop where consumers can gain access to information that data brokers have amassed about them and, in appropriate circumstances, can correct that information,” she said. “I have long been concerned about data that are used in place of traditional credit reports, to make predictions that become part of the basis for making determinations regarding a consumer’s credit, their ability to secure housing, gainful employment, or various types of insurance.”
Brill said industry members should put “important privacy principles into practice” or face FTC penalties like those imposed on Facebook and Google. In November, Facebook settled with the FTC on allegations that it made deceptive claims about user privacy when it made changes to the framework of its social network in December 2009. And in October the FTC unanimously approved a consent agreement with Google concerning the company’s 2010 Buzz social network launch (WID Oct 25 p5). Both settlements require the companies to create and maintain a “comprehensive” privacy program and submit to independent third-party privacy audits for the next 20 years.
Brill said the agency is working with international partners “to shine a spotlight on the importance of privacy and data security.” Specifically, the commission is working with the Organisation for Economic Co-operation and Development, Asia-Pacific Economic Cooperation, the Global Privacy Enforcement Network and the International Conference of Data Protection and Privacy Commissioners to improve international enforcement cooperation, she said. On Wednesday, the European Union released its proposed data protection reform package (see notebook in this issue) that requires explicit consent to use personal data and provides a “right to be forgotten” when consumers withdraw personal information from social networks and other sites (CD Jan 26 p9).