FTC Updates Data Privacy Guidelines

On the heels of talking about Big Data, we noticed yesterday that Monday the Federal Trade Commission (FTC) laid out sweeping updated guidelines for private sector companies on how they can better protect their customers' privacy.  Sure, you could see this coming in light of what Google is facing after recent disclosures about some of their manuevers to capture consumer data.

The FTC also called on Congress for new legislation to further protect consumers' privacy in light of data brokers and social networks amassing enormous stores of data.  The guidelines and recommendations are laid out in a 112 report that's worth a look if you have responsibility for ensuring data privacy and security. 

(Interesting aside, one of our Partners participated in an earlier such report on consumer data privacy protection at the beginning of this decade just at the point of collapse of the initial "dot com" era or Web 1.0.  We're waiting for his "read" on this new edition.)

In a press conference to announce the report, FTC Chairman Jon Leibowitz explained,

As a result, we've had to ask how consumers can continue to enjoy the riches of a thriving online and mobile marketplace without surrendering their privacy as the price of their admission. It is at this intersection of high tech innovation and privacy rights that the FTC has interceded -- not to erect a stop light, but to look at the traffic patterns.

What we can share after a cursory pass over the report is that the Commission has set forth updated guidelines for the private sector that revolve around product design, consumer choice and transparency about what is done with consumers' information.  One specifc guideline suggests Companies give consumers options as to what information is collected about them, and also control over with whom its shared.  We think this will directly impact Companies that target ads based on tracking consumers' activities online through ad networks.

FTC's Chief Technology Officer Ed Felton, observed that Companies have historically claimed they only traffic in de-identitifed data because that they remove the names from profiles of people they're tracking online. However, that's a less meaningful form of de-identification today because the tracking of online activities is becoming so precise that it is increasingly easier to figure out who is being tracked.

Consumer data privacy is a core priority in our work.  One of our Partners is a self-proclaimed "recovering lawyer" who has spent a good deal of time at the intersection of law, technology, and public policy and has  particular expertise in data privacy and security.  Backed by a strong group of advisers and an alliance with TRUSTe, we can offer you sound (non-legal) advice about your privacy practices and policies.

Which reminds us to mention:  the deadline to comply with the new European Union's Cookie Directive looms... like 55 days and 18 hours from this writing Thursday evening, 11:00pm PDT.  The short of it is the new E.U. Cookie Law requires web sites to obtain consent from visitors to store or retrieve any information on a computer or any other web connected device, like a smartphone or tablet.  TRUSTe offers a comprehensive service to help you ensure compliance.  Bottom line: If your business has a web site, its almost certain you need to make changes to comply with the law.  And the time to do so is now.  The law is already in effect in at least the U.K. with a grace period for business abroad to comply by 26 May 2012.  Feel free to contact us (no obligations ;-) if you'd like to know more.



Gregory Miller, CTO

Greg has been in the tech sector as a software architect and engineer, product manager, marketing and biz dev exec., and even IP and privacy lawyer for 3 decades. He is currently on the Board of a non-profit tech foundation reinventing America's election technology, is a venture adviser in the Silicon Valley, and serves as the CTO for C[IQ] Strategies, Inc.