FTC Calls For Data Privacy Laws - InformationWeek
Government // Leadership
02:18 PM
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

FTC Calls For Data Privacy Laws

Federal Trade Commission requests legislation on privacy and data brokers and continues to push for a Do Not Track program.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The Federal Trade Commission issued a report Monday that was two years in the making, calling on Congress to pass data privacy legislation and on the private sector to do more to ensure the privacy of consumer data and the control that consumers have over use of that data.

The 73-page report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers," does not mandate action on data privacy. However, it does provide a series of best-practice guidelines, calls for Congressional action, and pushes for a robust "do not track" program to allow consumers to opt out of online advertising that tracks user behavior online.

In a press conference coinciding with the report's release, FTC commissioner John Leibowitz said that the FTC doesn't endorse a particular piece of legislation, but "endorse[s] the notion of it," including legislation that tackles data privacy in general as well as the operations of data brokers, which are the companies that collect and traffic in consumer data.

[ When it comes to privacy, we're our own worst enemy. See Google's Privacy Invasion: It's Your Faul. ]

More specifically, for example, the FTC wants the new laws to, among other things, "provide consumers with access to information about them held by a data broker." These disclosures should be "meaningful," Leibowitz said. In addition to its call for legislation, the FTC is holding a workshop on data transparency later this year, and is asking the data broker industry to set up a centralized website where consumers can go to get information on data brokers' practices.

The FTC's report follows close on the heels of the February announcements of the Obama administration's Consumer Privacy Bill of Rights, which also call for consumer privacy legislation, and advertiser endorsement of the browser-based do-not-track effort, which would allow users to opt out of ads that track online behavior.

The new FTC report emphatically supports that do-not-track work. "We will continue working with [industry] until all consumers have an option not to be tracked," Leibowitz said. "Your computer [is] your property, and people shouldn't put things in it without your consent."

He predicted that the technology would be ready by the end of the year, and that if companies don't buy in, Congress might move forward with legislation for do not track. For now, however, he said that a do-not-track law might not be necessary if enough advertisers and technology companies buy into the need. "We need a Do Not Track option that's persistent, that's easy to use, and that's effective," he said, adding that the Digital Advertising Alliance and the Worldwide Web Consortium are working hard to make that option a reality.

The report also stressed the need for mobile privacy, especially privacy of mobile device users' geolocation data. The FTC will be holding a mobile privacy workshop on May 30.

Not all of the FTC's leadership bought into the report, which built on a draft report issued in December 2010. Commissioner Thomas Rosch argued that the report's framework focuses too much on "unfair" practices rather than on deceptive practices and might apply too broadly. He also complained that the report's language suggests that its recommendations are more mandatory than voluntary.

The biggest threat to your company's most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. Follow our advice in our Defend Data From Malicious Insiders report to mitigate the risk. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
3/28/2012 | 12:03:44 AM
re: FTC Calls For Data Privacy Laws
I would agree the article left me a little confused starting with a report on best practices for "businesses and policy" to end with a heavy concentration on government initiatives for do not track policies such as against cookie and browser tracking largely personal computing based. Companies have been tracking employees in part to counter fraud since the first proxies made it possible and I believe even before extensive use of cookies or similar browser based technologies.

Many company UserIDs can be so non personally identifiable that using them for tracking via cookies, unless you are logging into commercial sites, may be wasteful. I would have probably made two articles if I wanted to base it on business or personal computing issues. Then again, most business IT departments should already know the best practices based on their threat environment, I doubt the FTC listing best practices contain ground breaking new insight for them.
User Rank: Apprentice
3/27/2012 | 9:02:50 PM
re: FTC Calls For Data Privacy Laws
Unless you are using your "personal devices" from work, like a laptop on your employer's network, I don't see how this is an issue. If you are, then you are using your employer's internet access, most likely during work hours. If this is true, your employer has ever right to monitor your activity.

I'm really stumped by what you meant by "since the days of DOS". Unless you worked for a government organization back in those days, it is unlikely they were monitoring anything back then other than what you were accessing on a fileserver. That kind of monitoring put such a high load on servers from back then that most admins turned it off.
User Rank: Apprentice
3/26/2012 | 9:29:10 PM
re: FTC Calls For Data Privacy Laws
How is this going to help me from my employer accessing my personal devices and making decisions based upon what they learn? This activity occurs every day and has been since the days of DOS.

I wonder how many lives of unsuspecting employees have been severely affected by this ongoing activity that continues to be ignored? Certain capable admin's conduct themselves 'above the (non) law' and see fit to act whichever way they see fit. It is personal, devious and should not be ignored.

Don't come to me and tell me it is to protect businesses from internal threats either. Although this is a problem, the info can and does travel in both directions. Folks like me in the IT field know yet very few are willing to speak out as most do not want to relinquish positions of power.

The next time you want to complain about how the evil advertising empire needs to be severely punished for wrongdoing, think about how those advertisers have hurt you so badly in the past by affecting your personal and professional lives and how much you have been tormented by all those ads...; yet you have always worked blissfully and without any reason to ever be worried at all about connecting your device to the corporate network that pays your bills and supports your family.

What a joke FTC, get real.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll