A Preliminary FTC Staff Report on "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers" #00192

Submission Number:
00192
Commenter:
Colin Watson
Organization:
Watson Hall Ltd
State:
Outside the United States
Initiative Name:
A Preliminary FTC Staff Report on "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers"

Maintain comprehensive data management procedures
-------------------------------------------------

The UK's ICO published a report on creating the business case and includes a section on how organisations should consider the value of PII from more than one perspective. (I was co-author).

The Privacy Dividend, ICO
http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_...

accepted practices
---------------------------

Whilst websites and other information systems could prevent logging of certain data, what data exactly is within scope... e.g. IP address, user agent, user name. Normal logging could exclude certain data, but in the event of errors, suspicious or malicious activity, organisations should be allowed to record, retain and analyse information - some of which could then include personal data (e.g. an IP address which could be used to identify one person). Guidance should not exclude such information gathering, but of course that data needs to be handled securely and destroyed at the end of its use.

Improved privacy notices
------------------------

The UK's ICO has produced an excellent guide in this area - relevant to UK legislation. The ICO prefers the term "privacy notices" to "privacy statement" or "privacy policy". It may be useful to reference it in the FTC report as a good example elsewhere:

Privacy Notices Code of Practice, ICO
http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_...

access to consumer data
----------------------------------

Additional labelling of product/service ownership would assist consumers identifying their rights and who to contact. Some discussion of this on my blog:

Trust .UK
http://www.clerkendweller.com/2010/12/14/Trust-UK