Sign In
    Wisconsin Lawyer
    March 10, 2008

    FTC Lessons to Avoid Unfair and Deceptive Trade Practices when Conducting Internet Commerce

    The FTC has authority under the Federal Trade Commission Act to bring enforcement actions to stop unfair and deceptive acts or practices. Results of enforcement actions can be harsh and long-lasting; companies should follow these basic rules to avoid becoming a target of an FTC action.

    Wisconsin LawyerWisconsin Lawyer
    Vol. 81, No. 3, March 2008

    FTC Lessons to Avoid Unfair and Deceptive Trade Practices when Conducting Internet Commerce

    The FTC has authority under the Federal Trade Commission Act to bring enforcement actions to stop unfair and deceptive acts or practices. Results of enforcement actions can be harsh and long-lasting; companies should follow these basic rules to avoid becoming a target of an FTC action.

    1) Do what you say. Every FTC privacy case involves an allegation that the target company failed to do what it expressly or impliedly promised.

    2) Say what you do. In a clear and conspicuous way, a company should say exactly what data it collects and how it uses the information.

    3) Have reasonable and appropriate security practices. Strong privacy practices are not enough; a company also must have security practices that are reasonable and appropriate to the nature of the data.

    4) Provide training and oversight. Having the right privacy policy is not enough; a company must take reasonable steps to provide training and oversight to ensure the policy is properly implemented.

    5) Do not retroactively change rules to the detriment of consumers. A company cannot apply material privacy policy changes to information collected before the new policy was in place unless the company at least provides clear, conspicuous, advance notice as to what changes will occur and obtains consumer consent.

    6) The cost of noncompliance is high. The FTC commonly resolves complaints by requiring a 20-year consent decree that describes in detail specific steps a target company must take, subject to FTC oversight. Judgments also may require substantial civil penalties and consumer redress and high technical and legal fees.

    7) All companies must be aware of the FTC rules. The FTC privacy and security rules apply to all companies, not just those specifically subject to detailed financial services industry regulation.


Join the conversation! Log in to comment.

News & Pubs Search

-
Format: MM/DD/YYYY