Government // Leadership
News
3/26/2012
02:18 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FTC Calls For Data Privacy Laws

Federal Trade Commission requests legislation on privacy and data brokers and continues to push for a Do Not Track program.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The Federal Trade Commission issued a report Monday that was two years in the making, calling on Congress to pass data privacy legislation and on the private sector to do more to ensure the privacy of consumer data and the control that consumers have over use of that data.

The 73-page report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers," does not mandate action on data privacy. However, it does provide a series of best-practice guidelines, calls for Congressional action, and pushes for a robust "do not track" program to allow consumers to opt out of online advertising that tracks user behavior online.

In a press conference coinciding with the report's release, FTC commissioner John Leibowitz said that the FTC doesn't endorse a particular piece of legislation, but "endorse[s] the notion of it," including legislation that tackles data privacy in general as well as the operations of data brokers, which are the companies that collect and traffic in consumer data.

[ When it comes to privacy, we're our own worst enemy. See Google's Privacy Invasion: It's Your Faul. ]

More specifically, for example, the FTC wants the new laws to, among other things, "provide consumers with access to information about them held by a data broker." These disclosures should be "meaningful," Leibowitz said. In addition to its call for legislation, the FTC is holding a workshop on data transparency later this year, and is asking the data broker industry to set up a centralized website where consumers can go to get information on data brokers' practices.

The FTC's report follows close on the heels of the February announcements of the Obama administration's Consumer Privacy Bill of Rights, which also call for consumer privacy legislation, and advertiser endorsement of the browser-based do-not-track effort, which would allow users to opt out of ads that track online behavior.

The new FTC report emphatically supports that do-not-track work. "We will continue working with [industry] until all consumers have an option not to be tracked," Leibowitz said. "Your computer [is] your property, and people shouldn't put things in it without your consent."

He predicted that the technology would be ready by the end of the year, and that if companies don't buy in, Congress might move forward with legislation for do not track. For now, however, he said that a do-not-track law might not be necessary if enough advertisers and technology companies buy into the need. "We need a Do Not Track option that's persistent, that's easy to use, and that's effective," he said, adding that the Digital Advertising Alliance and the Worldwide Web Consortium are working hard to make that option a reality.

The report also stressed the need for mobile privacy, especially privacy of mobile device users' geolocation data. The FTC will be holding a mobile privacy workshop on May 30.

Not all of the FTC's leadership bought into the report, which built on a draft report issued in December 2010. Commissioner Thomas Rosch argued that the report's framework focuses too much on "unfair" practices rather than on deceptive practices and might apply too broadly. He also complained that the report's language suggests that its recommendations are more mandatory than voluntary.

The biggest threat to your company's most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. Follow our advice in our Defend Data From Malicious Insiders report to mitigate the risk. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Strategist
3/28/2012 | 12:03:44 AM
re: FTC Calls For Data Privacy Laws
I would agree the article left me a little confused starting with a report on best practices for "businesses and policy" to end with a heavy concentration on government initiatives for do not track policies such as against cookie and browser tracking largely personal computing based. Companies have been tracking employees in part to counter fraud since the first proxies made it possible and I believe even before extensive use of cookies or similar browser based technologies.

Many company UserIDs can be so non personally identifiable that using them for tracking via cookies, unless you are logging into commercial sites, may be wasteful. I would have probably made two articles if I wanted to base it on business or personal computing issues. Then again, most business IT departments should already know the best practices based on their threat environment, I doubt the FTC listing best practices contain ground breaking new insight for them.
MikeD123
50%
50%
MikeD123,
User Rank: Apprentice
3/27/2012 | 9:02:50 PM
re: FTC Calls For Data Privacy Laws
Unless you are using your "personal devices" from work, like a laptop on your employer's network, I don't see how this is an issue. If you are, then you are using your employer's internet access, most likely during work hours. If this is true, your employer has ever right to monitor your activity.

I'm really stumped by what you meant by "since the days of DOS". Unless you worked for a government organization back in those days, it is unlikely they were monitoring anything back then other than what you were accessing on a fileserver. That kind of monitoring put such a high load on servers from back then that most admins turned it off.
jakesteeley
50%
50%
jakesteeley,
User Rank: Apprentice
3/26/2012 | 9:29:10 PM
re: FTC Calls For Data Privacy Laws
How is this going to help me from my employer accessing my personal devices and making decisions based upon what they learn? This activity occurs every day and has been since the days of DOS.

I wonder how many lives of unsuspecting employees have been severely affected by this ongoing activity that continues to be ignored? Certain capable admin's conduct themselves 'above the (non) law' and see fit to act whichever way they see fit. It is personal, devious and should not be ignored.

Don't come to me and tell me it is to protect businesses from internal threats either. Although this is a problem, the info can and does travel in both directions. Folks like me in the IT field know yet very few are willing to speak out as most do not want to relinquish positions of power.

The next time you want to complain about how the evil advertising empire needs to be severely punished for wrongdoing, think about how those advertisers have hurt you so badly in the past by affecting your personal and professional lives and how much you have been tormented by all those ads...; yet you have always worked blissfully and without any reason to ever be worried at all about connecting your device to the corporate network that pays your bills and supports your family.

What a joke FTC, get real.
2014 US Salary Survey: 10 Stats
2014 US Salary Survey: 10 Stats
InformationWeek surveyed 11,662 IT pros across 30 industries about their pay, benefits, job satisfaction, outsourcing, and more. Some of the results will surprise you.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.