FTC Privacy Judgments: Are you doing enough to protect consumers?
Over the last few years, we’ve seen FTC privacy judgments against the ‘Big Three’ web companies: Google, Facebook and Twitter. In all these cases, the ‘Big Three’ were not protecting the interests of the American consumer.
In the FTC ruling against Facebook, the company:
“…agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established.”
Twitter also agreed to settle FTC charges:
“…that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the agency’s first such case against a social networking service. The FTC’s complaint against Twitter charges that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including access to non-public user information, tweets that consumers had designated private, and the ability to send out phony tweets from any account including those belonging to then-President-elect Barack Obama and Fox News, among others.”
Lastly, Google agreed to settle charges that the retired social networking site Google Buzz:
“…violated the company’s own privacy policies and used deceptive tactics when it launched in 2010. The proposed settlement, announced Wednesday, requires the search giant to implement a privacy program and undergo regular privacy audits for the next 20 years.”
The FTC has an ongoing effort to ensure companies live up to the privacy promises they make to American consumers. Whether you run a social networking site or use SharePoint to store consumers’ personally identifiable information (PII), you should be asking yourself whether you would need to settle FTC charges and whether this would mean the end of your business.
Ask yourself some of the following:
- Does my business come into contact with American consumers’ PII?
- Where is this information stored? On a server? In SharePoint? On my website?
- Who has access to this information?
- Are regular audits performed to ensure only users with a need to know have access to the sensitive information?
- Do I have privacy settings to protect the information from being accessed by anyone or emailed accidentally?
- Am I misleading any consumers with how I’m handling or what I’m doing with their details?
If you are uncertain about any of these answers, it might be time to do an internal audit of your data and look to put some policies and procedures in place before the FTC comes knocking. And automated compliance technology is the first step in this process.