March.08.2012
On February 23, 2012, the White House released a report entitled Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, setting forth the Obama Administration's blueprint for strengthening online privacy. The centerpiece of the Report is a proposed "Consumer Privacy Bill of Rights" designed to give consumers greater control over how their personal data is used on the Internet.
The Privacy Bill of Rights lays out seven core principles that online users should reasonably expect from every company doing business online: (1) Individual Control over what personal data companies collect from them and how they use it; (2) Transparency in the form of easily understandable and accessible information about the company's privacy and security practices; (3) Respect for Context such that personal data is collected, used and disclosed in ways that are consistent with the context in which consumers provide the data; (4) Security that guarantees secure and responsible handling of personal data; (5) Access and Accuracy to request, receive and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate; (6) Focused Collection that reasonably limits the personal data that companies collect and retain; and (7) Accountability on the part of companies in the form of appropriate policies and practices that ensure adherence to the Consumer Privacy Bill of Rights.
On the heels of the White House Report, the FTC released its annual list of top consumer complaints on February 28. "Identify theft" complaints topped the list with 15 percent of the tracked complaints. Other major complaint categories included "prizes, sweepstakes, and lotteries" (6 percent), "banks and lenders"(5 percent), "internet services" (5 percent) and "telephone and mobile services" (4 percent). Given the explosion of online business models that monetize the use of consumer data (e.g., online advertising), and the rapid growth in data-hacking and breach incidents, the complaint survey foreshadows some of the agency's overall data privacy priorities in the online space.
The FTC also recently issued a staff report describing the results of a survey of mobile apps for children, which concluded that neither the app stores nor the app developers provided sufficient disclosures to allow parents to determine what data is being collected from their children, how it is being shared or who will have access to it—issues governed by the Children's Online Privacy Protection Act (COPPA), which carries potentially stiff monetary penalties for non-compliance.
Given the renewed focus on privacy protection matters at the highest levels of the Administration, Federal Trade Commission and Industry, companies doing business online are well advised to take a hard look at their internal data management procedures, privacy policies and terms of use, and third-party data-processing vendors. Identifying potential vulnerabilities early on can help to mitigate unwanted disruption and expenses down the road.