The United States Federal Trade Commission (hereinafter “FTC”) is not only charged with promoting competition but also protecting American consumers. One way, by protecting their privacy. In order to enforce the seventy-one federal statutes within its jurisdiction, the FTC investigates businesses and their practices to ensure that laws are followed to the letter. Though most investigations by the FTC are not public, an investigation will undoubtedly cost a business time and focus. Beyond investigation, there can be a lawsuit, either of which may lead to a settlement in the form of a consent order. In the case of settlement, the FTC will propose a consent order that will detail the terms of settlement reached. This will be published and open for public comment for thirty days, afterwhich if the consent order is violated, the FTC can seek judicial enforcement. These public events will not only impact businesses’ reputation but are also costly in other ways, such as legal fees.
Last year, the FTC released a report titled, “Protecting Customer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers.” In this report the FTC suggested the best methods for businesses to assure that not only its data is protected but also the data collected from customers. It is certain that the FTC does not take privacy violations lightly, as Google learned from the strong message sent by the Commission in the form of the largest FTC penalty for violation of a settlement order to the tune of $22.5-million. This after Google deceived Apple Safari users by stating that it would not be collecting their user and browsing information or tracking them for the purposes of advertising. The penalty was not the only term in the consent order; Google is now barred from future privacy misrepresentations, must implement a comprehensive privacy program and will be forced to have independent privacy audits for the 20-years.
Google is not the only company that has been hit with FTC privacy violations. LabMD compromised and inadvertently released personal information of 10,000 of its customers, some including medical information. Whilst the case is on-going, the FTC is seeking a similar outcome to the one reached with Google: a comprehensive security and privacy program and independent privacy audits for 20-years. Interestingly, LabMD has challenged the FTC’s authority to bring such a complaint against it.
This year, an FTC investigation into data broker companies’ uncovered ten companies that were in violation of the Fair Credit Reporting Act, a federal statute under its jurisdiction to enforce. In this case, the FTC simply sent letters to the incompliant companies informing them of their wrong practices and reminding them of how to act lawfully in the future.
If your business or company has concerns over FTC compliance or has come under investigation by the FTC, please contact us for help.