Skip to main content

Looking to take a deep dive into the breadth and depth of the FTC’s approach to consumer privacy and data security in the past year? The FTC’s website, including the Business Center, has what you need. But what if you or your clients prefer an at-your-fingertips digest of developments in 2018? We’re got that covered, too. The FTC just issued its 2018 Privacy and Data Security Update – a compendium for attorneys, business executives, and others who are long on interest, but short on time. It summarizes the seven zones that were central to the FTC’s 360° approach in 2018.

Cover of FTC 2018 Privacy & Data Security UpdateENFORCEMENT. The FTC’s privacy and data security enforcement experience runs deep, with hundreds of cases filed in recent years. The 2018 Update leads off with a summary of cases, warning letters, and other actions linked to the resources you’re looking for and summarized by topic:

  • General Privacy
  • Data Security & Identity Theft
  • Credit Reporting & Financial Privacy
  • International Enforcement
  • Children’s Privacy
  • Do Not Call.

ADVOCACY. When government agencies, courts, or other decision makers are considering actions that could impact consumers or competition, the FTC may offer insights based on its years of experience. The 2018 Update describes the FTC’s comments to the CPSC on the Internet of Things and NTIA on privacy. Also included: links to key congressional testimony.

RULES. Are you up on what’s what with privacy- and security-related regulations within the FTC’s purview? The Update offers a thumbnail of what each one requires and 2018 developments.

WORKSHOPS. The FTC has sponsored more than 70 workshops, town halls, and roundtables to bring people together to talk over emerging issues in consumer privacy and security. In 2018, the FTC hosted PrivacyCon, an international forum on the latest academic research; a workshop on combating cryptocurrency scams; and three events centered on big data, artificial intelligence, and data security convened as part of the ongoing Hearings on Competition and Consumer Protection in the 21st Century.

REPORTS AND SURVEYS. To date, the FTC has published more than 60 reports probing consumer privacy and data security issues. Contributions in 2018: a study of mobile security updates and staff perspectives on connected cars, informational injury, and cybersecurity for small business.

CONSUMER EDUCATION AND BUSINESS GUIDANCE. Educating consumers and businesses about privacy and data security is critical to the FTC’s mission. In 2018 we distributed millions of brochures in English and Spanish covering everything from fundamental security ABCs to sophisticated defenses against emerging threats. New titles address changes to the law regarding credit freezes, cybersecurity for small business, virtual private network apps, and scams targeting smaller companies, to name just a few. In addition, hundreds of thousands of subscribers receive the FTC’s Consumer Blog and Business Blog, which regularly touch on timely privacy-related topics.

INTERNATIONAL ENGAGEMENT. A key part of the FTC’s privacy and security mission is to engage international partners to develop mutual enforcement cooperation on privacy and data security investigations. The FTC also plays a lead role in advocating for strong, globally interoperable privacy protections for consumers around the world. The Update includes highlights of how the FTC worked with international counterparts in 2018.

How can you use the 2018 Update? Keep it as a handy reference guide, consult the lists and links, reread it when looking for FTC privacy and security resources, and consider it when drafting client alerts, blogs, or social media content about FTC enforcement and policy initiatives.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

hideyuki A
March 15, 2019
I've been working on my personal computer, but I am looking forward to seeing it. Are you sure you want to send the report materials by overseas mail?
FTC Staff
March 15, 2019

In reply to by hideyuki A

The report is available online. Follow the link in this blog post to read, print or download the report.

April 27, 2019
This is so helpful
July 08, 2019
If my NPPI (documents containing SSN, DOB, banking info) is sent in an unsecured email to non-privy parties, is that a violation of this Act?
FTC Staff
July 15, 2019

In reply to by Guest

If you think a business has not protected your personal information you can report that to the FTC at The information you give goes into a secure law enforcement database that the FTC and other law enforcement agencies use for investigations.

July 09, 2019
Does the FTC govern businesses who transmit information belonging to a non-customer to an unauthorized party? For instance, an email was sent unencrypted- with an attachment containing the SSN, DOB & personal bank information of that consumer...
FTC Staff
July 15, 2019

In reply to by Guest

If you think a business has not protected your personal information you can report that to the FTC at The information you give goes into a secure law enforcement database that the FTC and other law enforcement agencies use for investigations.

More from the Business Blog

Get Business Blog updates