At the Federal Trade Commission, we’ve been very public about how we feel about privacy: we want consumers to enjoy the benefits of innovation in the marketplace, confident that their personal information – online and offline – is being handled responsibly.
Today is Data Privacy Day and, marking the occasion, we’re releasing our 2015 Privacy and Data Security Update, highlighting the initiatives we undertook last year to meet that goal, including law enforcement, reports, public workshops, educational efforts, and international cooperation.
Our initiatives last year included launching IdentityTheft.gov, a new resource to help people report and recover from identity theft. Just this week, we enhanced the website. Identity theft victims now can get free, interactive personal recovery plans, step-by-step guidance, and pre-filled letters and forms to speed their recovery.
You can spread the news about IdentityTheft.gov to your employees, customers, and communities. Identity theft can be financially and emotionally overwhelming for its victims. It makes good business sense to help victims get into the fast lane on the road to recovery.
Identity theft is just one of the challenges we see in the privacy and data security arena, where new and emerging technologies have created an environment in which data is collected from consumers wherever they go, often invisibly and without their knowledge.
In 2015, we brought or resolved enforcement actions against:
- companies that we charged failed to secure consumers’ personal information, including Oracle; Wyndham; and Lifelock;
- businesses that we alleged misused consumers’ information, such as Sequoia One and CWB Services, LLC, or tricked seniors and others into disclosing their financial information, like Pairsys, Inc. and Click4Support, LLC; and
- organizations that we alleged violated children’s privacy, including Retro Dreamer and LAI Systems.
We also hosted workshops and issued reports on cutting-edge issues such as the Internet of Things, cross-device tracking, and online lead generation. Earlier this month we hosted PrivacyCon, a first-of-its kind FTC event examining pioneering research and trends in protecting consumer privacy and security.
To guide businesses that want to avoid data security pitfalls, we’ve offered an answer: Start with Security. It’s our latest business outreach campaign and includes a guide for businesses that summarizes the lessons learned from the FTC’s 50+ data security settlements, as well as videos and conferences that bring business owners and developers together with industry experts to discuss data security.
Each of our projects in the privacy and data security arena has been informed by a central message: even in the face of rapidly changing business models and technologies, companies still need to follow fundamental privacy principles, including:
- Don’t collect or retain more data than you reasonably need;
- Tell consumers how you plan to use and share their data;
- Give consumers choices about their privacy; and
- Protect data from unauthorized access.
We’re committed to working with businesses to protect consumers’ privacy in this increasingly digital era. Please take some time to review the Start with Security messages and IdentityTheft.gov, and see how they might fit into your company’s plans for 2016. And if you want more details about the FTC’s activities, check out the 2015 Privacy and Data Security Update.