The FTC has authority under the Federal Trade Commission Act to bring enforcement actions to stop unfair and deceptive acts or practices. Results of enforcement actions can be harsh and long-lasting; companies should follow these basic rules to avoid becoming a target of an FTC action.
Wisconsin
Lawyer
Vol. 81, No. 3, March
2008
FTC Lessons to Avoid Unfair and Deceptive Trade Practices when
Conducting
Internet Commerce
The FTC has authority under the Federal Trade Commission Act to bring
enforcement actions to stop unfair and deceptive acts or practices.
Results of
enforcement actions can be harsh and long-lasting; companies should
follow
these basic rules to avoid becoming a target of an FTC action.
1) Do what you say. Every FTC privacy case involves an
allegation that
the target company failed to do what it expressly or impliedly promised.
2) Say what you do. In a clear and conspicuous
way, a company should
say exactly what data it collects and how it uses the information.
3) Have reasonable and appropriate security
practices. Strong privacy practices are not enough; a company also
must have security practices that
are reasonable and appropriate to the nature of the data.
4) Provide training and oversight. Having the right
privacy policy is
not enough; a company must take reasonable steps to provide training and
oversight to ensure the policy is properly implemented.
5) Do not retroactively change rules to the detriment of
consumers. A company cannot apply material privacy policy changes to
information
collected before the new policy was in place unless the company at least
provides
clear, conspicuous, advance notice as to what changes will occur and
obtains
consumer consent.
6) The cost of noncompliance is
high. The FTC commonly resolves complaints by requiring a 20-year
consent decree that describes in detail
specific steps a target company must take, subject to FTC oversight.
Judgments also
may require substantial civil penalties and consumer redress and high
technical
and legal fees.
7) All companies must be aware of the FTC
rules. The FTC privacy and security rules apply to
all companies, not just those specifically subject
to detailed financial services industry regulation.
Wisconsin
Lawyer