trust gets “eroded when companies make promises about privacy or security that they don’t keep, or when firms fail to maintain reasonable security procedures, thereby putting consumer data at risk.”
While self-regulation “can serve a critical function in policing the marketplace and are an important complement” to the Federal Trade Commission (FTC)’s law enforcement efforts, FTC Commissioner Terrell McSweeny advocated for broader FTC action and authority in the areas of consumer privacy and data security – the same authority that already makes the FTC the primary regulator of the survey, opinion and marketing research profession in the United States.
Speaking at a conference on March 31, McSweeny emphasized the need for consumer trust, which she called a key part of “protecting consumer privacy and data security.” That trust gets “eroded when companies make promises about privacy or security that they don’t keep, or when firms fail to maintain reasonable security procedures, thereby putting consumer data at risk.”
With more than 50 settlements with companies over data security in recent years, and ongoing rule modifications to privacy laws like the Children’s Online Privacy Protection Act (COPPA), there is no shortage of FTC activity. After 100 years of FTC existence, the agency is not shy about exercising its Section 5 authority against unfair or deceptive acts and practices. However, as McSweeny noted, “consumer concern over crimes like identity theft remains high; it continues to be the FTC’s number one consumer complaint – not surprising after a year of high profile breaches – and people continue to weigh privacy and security against the benefits of adopting new connected devices.”
That rise of the Internet of Things, upon which the FTC recently released a contentious report and which is a growing concern for both the Senate and the House of Representatives, clearly has caught McSweeny’s attention. “We are at the cusp of a rapid expansion of our connectedness – with an estimated 25 billion connected devices by the end of this year, and 50 billion by 2020 – which is why I support stronger protections for consumers, particularly for their security.”
As with the FTC’s recent report, McSweeny took the opportunity to endorse a comprehensive data security bill, although expressed concerns about aspects of the bill MRA endorsed which is working its way through the House. And likely in response to the FTC’s court cases with Wyndham Hotels and Lab MD, McSweeny made sure to “emphasize that FTC data security enforcement is grounded in the concept of reasonable security – not perfect security.”
McSweeny closed with a promise “that the FTC is committed to working with Congress, industry, and other stakeholders to continually examine privacy and security issues and develop pragmatic approaches that will best protect consumers. That’s not just lip service; the FTC does respond to concerns raised in the marketplace.”