Chairman Details Progress Made in Implementing The Federal Trade Commission's New Privacy Agenda

Presenting remarks titled "Protecting Consumers' Privacy: Goals and Accomplishments" today at the Networked Economy Summit in Reston, Virginia, Federal Trade Commission Chairman Timothy J. Muris said that the FTC has made significant strides in implementing the Privacy Agenda announced last October, and pledged continued diligence to ensure that consumers are protected as the "information economy" grows more complex.

"Among [the Commission's] many challenges, protecting consumers' privacy has become a top priority," Muris said in opening his remarks. "Last October I described my plans for an aggressive FTC agenda - with new resources, new initiatives, and new cases. Over the last eight months, we have put those plans into action. Today, I want to tell you about the progress we have made."

The framework used to implement the new privacy agenda, and achieve the desired results, Muris said, has focused on the misuse of consumer information, regardless of whether that information was collected online or off. Although most consumers realize there are trade-offs in the information economy between sharing information and benefits received, the consumers' real concern is that their personal information will be misused by those collecting and sharing it.

To illustrate how the FTC is working to address these concerns, Muris presented detailed accomplishments from the past eight months that demonstrate how the Commission has worked to achieve the goals of its new Privacy Agenda. Calling the progress "significant," the Chairman first explained how the FTC is working to protect consumers from unwanted telemarketing through the proposed establishment of a one-stop, national do-not-call registry. Such a registry, he said, would allow consumers to eliminate most telemarketing calls "just by calling one toll-free number and putting their name on the [list]." When the comment period on the proposal ended in April, he said, the Commission had received more than 40,000 comments, and a public forum on the proposed registry was held in early June in Washington, D.C. "I look forward to a full analysis of the comments and the workshop discussion to assist in our decision on the rulemaking proposal," he said.

Muris next addressed the issue of pre-acquired credit card numbers, saying that "consumers are also concerned that their financial and personal information will be disclosed in ways that harm them." The Gramm-Leach-Bliley (GLB) Act specifically restricts the sale of such information by financial institutions, he said, but others, including telemarketers, "remain free to exchange this sensitive information." Accordingly, the FTC has taken several steps to protect consumers in this area, including a proposed amendment to the Telemarketing Sales Rule (TSR) that would prohibit telemarketers from exchanging credit card numbers and other such pre-acquired account information. The Chairman also cited enforcement actions designed to complement the rulemaking initiative, including one case that led to a $9 million settlement with a major telemarketer.

On the subject of Internet spam, Muris said that the FTC receives about 42,000 samples of deceptive spam - forwarded by computer users - each day, and stores it in an electronic mailbox called the "refrigerator." Living up to his October pledge to "take the spam out of the refrigerator," the Chairman outlined numerous law enforcement cases the FTC has brought over the past eight months, including one against a company that told consumers they had won a Sony PlayStation 2, only to route them to an X-rated Web site with charges of up to $3.99 a minute. He also described the Commission's "remove me" project, designed to test the efficacy of using such e-mail to get oneself taken off of spam lists. "We found that most of the addresses were invalid," Muris said. "In other words, the removal option did not work." He said that the Commission has contacted many of these businesses, and will follow up with law enforcement actions if they continue to fail to honor their "remove me" promise.

The Chairman next addressed the issue of pretexting - a practice through which "information brokers," under the pretext of being consumers, deceive banks and others into revealing sensitive, confidential financial information. The FTC surfed more than 1,000 Web sites last year and reviewed more than 500 ads for firms offering to conduct financial searches, he said. The surf led to more than 200 warning letters to individual firms, along with three federal district court cases for alleged pretexting. Targets currently are being selected for a second round of enforcement, Muris said, noting that the Commission is expanding its review to include not only those that promote pretexting, but also those that knowingly solicit pretexting services.

Similarly, the FTC has been active in enforcing the provisions of the Fair Credit Reporting Act (FCRA). "In October, I pledged to take steps to ensure high levels of compliance with the FCRA, especially with respect to its requirement that users of consumer information notify consumers whenever information in a credit report is used to deny them credit, insurance, employment, or other benefits such as housing," Muris said. In accomplishing this goal, the FTC conducted a sweep of 15 landlords in five major cities. The findings were encouraging, but some of the established procedures were imperfect. Accordingly, the Commission extended its education outreach efforts to landlords nationwide to inform them about the law and how to comply with its provisions.

The FTC also has been actively involved in controlling ID theft, Muris said. In the past year alone, the Commission received complaints from more than 86,000 victims of ID theft, representing almost half of all complaints in the FTC's Consumer Sentinel Database. This centralized database, Muris said, is now accessible by officers and agents at more than 300 law enforcement agencies nationwide, allowing such theft to be targeted not only at the federal level, but at the state and local levels, as well. To complement this information exchange, the FTC has conducted ID theft enforcement training that has been attended by representatives from more than 100 different law enforcement agencies over the past year. In addition, the Commission has worked closely with the U.S. Secret Service and the Justice Department, which in April announced an ID theft enforcement sweep that resulted in 73 criminal prosecutions.

Another component of the Privacy Agenda, Muris continued, is enforcing the Children's Online Privacy Protection Act (COPPA). Enacted in 1998, COPPA is designed to prevent the collection of personally identifiable information from young children without their parents' consent. In April, he said, the FTC brought its sixth law enforcement action against a company for alleged noncompliance with the Act, and pledged that "our enforcement and education efforts will continue."

Ensuring that companies abide by their privacy promises is also a priority of the Privacy Agenda, the Chairman said, highlighting a recent settlement with Eli Lilly. The Lilly case involved the alleged inadvertent disclosure of the e-mail addresses of certain users of Lilly's prozac.com Web site. The Commission's complaint alleged that Lilly's privacy policy promised to take appropriate steps to protect the security of the information. Lilly's failure to implement those security procedures allegedly led to the unintentional disclosure of the information. According to Muris, the Lilly settlement highlights the importance of security to the protection of consumer privacy.

Finally, Muris addressed the subjects of consumer information and privacy notices. He noted that just last month, the FTC finalized the Safeguard Rule to implement the GLB Act requirement that financial institutions establish and maintain a security program to protect the personal information they collect. Regarding privacy notices, he said that the first round of notices recently sent to consumers by financial institutions were "almost universally regarded as unsatisfactory." The FTC accordingly held a "Get Noticed" public workshop last December, the goal of which was to help companies draft statements that are actually readable and understandable by consumers.

In concluding his remarks, the Chairman described one of his favorite "Peanuts" cartoons, in which Charlie Brown first shoots an arrow at a fence and then draws a target around it, ensuring he gets a bulls-eye. "It might have worked for Charlie Brown, but not for us," Muris said, regarding implementation of the FTC's Privacy Agenda goals. "We have our targets in place. We are sending out many arrows. Our law enforcement and related initiatives indicate that our aim is darned good."

Copies of the Chairman's speech are available from the FTC's Web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.