Plymouth Rock Assurance
A Preliminary FTC Staff Report on "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers"
Organizations should think of themselves as stewards of a consumer s information. In other words, a person s uniquely identifiable data is on loan to the organization governed under the aegis of an explicit contract clearly agreed upon at the time of the exchange. Similar to the security principle of least privilege, organizations should by default assume that personally identifiable data should only be used for the purpose at hand and not transferable. The contract can be expanded if at the time of the exchange the consumer explicitly grants an organization permission to further use or transfer his or her data.