To review everything the FTC did in 2019 dealing with consumer privacy and data security – Enforcement, Advocacy, Rules, Workshops, Consumer Education, Business Guidance, and International Engagement – it could take days to compile all that information. The FTC has an easier way to share those developments with your company, clients, and colleagues. Our annual Privacy & Data Security Update offers a to-the-point take on what happened in 2019.
Enforcement. The Update highlights major FTC cases addressing privacy, data security and identity theft, credit reporting and financial privacy, the EU-U.S. Privacy Shield framework, children’s privacy, and Do Not Call. Some of the names have been in the news – Facebook, Equifax, Google and YouTube, etc. – but there are many other in-case-you-missed-it privacy actions and data security matters that merit a second look.
Advocacy. The Update offers useful links to FTC congressional testimony on privacy and data security. You can also read the FTC staff comment on NIST’s proposed privacy framework.
Rules. Congress has authorized the FTC to issue rules regarding specific areas of consumer privacy and security. The Update offers a convenient list of some relevant rules the FTC enforces, including what’s currently under review: the GLB Privacy Rule, the GLB Safeguards Rule, and the COPPA Rule. New in ’19 was the Military Credit Monitoring Rule.
Workshops. As part of the agency’s Hearings on Competition and Consumer Protection in the 21st Century, we sponsored a forum about the FTC’s Approach to Consumer Privacy. The fourth annual PrivacyCon brought experts together to share their research, with a focus on the Internet of Things, AI, and virtual reality. We also hosted a workshop on the Future of the COPPA Rule and, in cooperation with the CFPB, convened a national conversation on Accuracy in Consumer Reporting.
Consumer Education and Business Guidance. In 2019, we published new consumer information about mobile payment apps, smartphone protection, and free credit monitoring for servicemembers. To multiply our efforts, we worked with national, state, and local partners on webinars, websites, articles, and in-person events, emphasizing imposter scams and identity theft prevention. For businesses, we continued to promote our Cybersecurity for Small Business campaign. People looking for up-to-the-minute information about privacy and data security followed our Business Blog and Consumer Blog, which featured almost 100 posts on those topics.
International Engagement. Using the U.S. SAFEWEB Act’s tools, the FTC works with international counterparts on cooperative law enforcement. One example from 2019: our work with the UK’s Information Commissioner’s office in actions against Cambridge Analytica and Aleksandr Kogan and Alexander Nix. We also advocate for sound policies to ensure privacy protections for consumer data transferred across borders. During the past year, the FTC participated in the third Annual Review of the EU-U.S. Privacy Shield Framework, the APEC Electronic Commerce Steering Group, and other initiatives, offering input on children’s privacy, health privacy, etc.
Read the 2019 Privacy & Data Security Update for an in-depth review. How can you use that information? If it’s been a minute since you’ve posted on your company’s social network, updated your blog, or tweeted, the Update offers lots of sharable content.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.