According to the director of the Bureau of Consumer Protection at the Federal Trade Commission (FTC), David Vladeck, "the FTC has distinguished itself by aggressively enforcing privacy and data security laws," with enforcement cases involving "companies that failed to take reasonable measures to protect against both high tech hackers as well as low tech dumpster divers."
Speaking on September 29, 2010, at the IAPP Academy, Vladeck said that the agency "will continue to bring cases to ensure that companies reasonably safeguard consumer information," but that he hope to see a lot "more cases involving pure privacy — that is, practices that attempt to circumvent consumer understanding and consumer choice about how their information will be used." He also suggested that new technologies and social media would be under the agency's miscroscope.
Previewing what might appear in the FTC's upcoming data privacy report, he highlighted expectations for privacy by design, increased transparency about commercial data practices, simplified consumer choice, giving consumers greater access to data held about them, and educating consumers and businesses about data privacy.
Most importantly, Vladeck highlighted the "ever-raging debate about legislation vs. self regulation," and while the FTC recognized "that self-regulation is a vital piece of the privacy puzzle," regulation also has a role to play in protecting consumer privacy. While the FTC "has supported self-regulation," he said, "I am disappointed in its progress."
In conclusion, he wished for "a real utopia" where "FTC enforcement isn’t necessary because companies are doing right by consumers rather than launching products without considering privacy, engaging in trial-and-error with the release of consumers’ information, or failing to take reasonable measures to protect that information." However, "as long as there’s a few bad apples, the FTC will continue to remain on the beat," Vladeck said.