1 / 29

Federal Trade Commission Protecting Consumer Privacy

Federal Trade Commission Protecting Consumer Privacy. J. Howard Beales, III, Director Bureau of Consumer Protection Federal Trade Commission. FTC’s Approach to Privacy. Consumers are concerned about consequences Focus on misuse of information No distinction between online and offline

silas
Download Presentation

Federal Trade Commission Protecting Consumer Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federal Trade CommissionProtecting Consumer Privacy J. Howard Beales, III, Director Bureau of Consumer Protection Federal Trade Commission

  2. FTC’s Approach to Privacy • Consumers are concerned about consequences • Focus on misuse of information • No distinction between online and offline • Benefits of Information Sharing

  3. The National Do Not Call Registry • Telemarketing Sales Rule Amendments Adopted December 2002 include Do Not Call • Giving Consumers a Choice • 61 million telephone numbers registered since June 27 • Consumers with registered numbers have filed over 300,000 complaints since October 11 • Harris Poll found that 92% of the respondents have received fewer calls since registering

  4. Enforcing Do Not Call • National Consumer Counsel • Masqueraded as a nonprofit debt negotiation organization • Called consumers who placed their phone numbers on the National Do Not Call Registry

  5. Identity Theft • Survey Results Released September 2003 • The research took place during March and April 2003 • Involved a random sample telephone survey of over 4,000 U.S. adults

  6. Incidence of Identity Theft, Past Year1 Federal Trade Commission 9.9 million victims (4.6%) Victims in Millions 5.2 million victims (2.4%) 3.2 million victims (1.5%)2 1.5 million victims (0.7%) New Accounts & Other Frauds Other Existing Accounts Existing Credit Card Only Total Victimization 1Source: Identity Theft Survey Report conducted by Synovate for the FTC (March-April 2003). 2Based on the U.S. population age 18 and over (215.47 million) as of July 1, 2002 (Source: Population Division, U.S. Census Bureau; Table NA-EST2002-ASRO-01).

  7. How Thief Obtained Victim’s Information1 Federal Trade Commission 1Source: Identity Theft Survey Report conducted by Synovate for the FTC (March-April 2003). Percentages based on respondents who indicated they had been the victim of identity theft within the past five years.

  8. Cost of Identity Theft in the Last Year1 Federal Trade Commission September 2003 $47 billion $33 billion (in billions) $14 billion 1Source: Identity Theft Survey Report (Table 2, page 7) conducted by Synovate for the FTC (March-April 2003).

  9. Money Victim Paid Out of Pocket1 Federal Trade Commission Average Per Victim: $500 1Source: Identity Theft Survey Report conducted by Synovate for the FTC (March-April 2003). Percentages and average per victim based on respondents who indicated they had been the victim of identity theft within the past five years.

  10. Identity Theft • Role of Law Enforcement • Civil Actions: “phishing” cases • Criminal Prosecution

  11. Identity Theft • Other Law Enforcement cases • TriWest • TCI

  12. Legislative DevelopmentsFACTA FACTA (Fair and Accurate Credit Transactions Act of 2003) amends the Fair Credit Reporting Act. Creates new rights for consumers in the credit arena, including: ●Annual free credit reports ●Streamlined dispute process ●Expansion of consumers’ adverse action rights

  13. FACTA & IDTPrevention & Victim Assistance ▪ Codifies the Fraud Alert Procedure ▪ Trade Line Blocking for Credit Reports ▪ Credit card truncation on Receipts ▪ ID theft red flags for Bank Examinations ▪ Require proper disposal of consumer report information

  14. Information Security: General Principles • Section 5 of the FTC Act: deceptive or unfair practices are illegal • Promises to keep consumers’ information secure must be truthful • When security measures inadequate, those promises are deceptive • Failure to take reasonable security precautions may also be unfair

  15. Security Procedures Must Be Appropriate In The Circumstances • Inadvertent release of sensitive personal information due to inadequate security procedures – Eli Lilly • Our analysis: were there reasonable procedures in light of the sensitivity of the information to prevent such breaches? • What constitutes reasonable and appropriate procedures is linked directly to the sensitivity of the information collected by the company

  16. Law Violations Without a Known Breach • Companies Cannot Simply Wait for a Breach to Occur • Must Take Reasonable Steps to Guard Against Reasonably Anticipated Vulnerabilities • Breach or No Breach is not Determinative -- Microsoft

  17. Assessing Risks and Vulnerabilities • Security is a process • Information security program assesses reasonable and foreseeable risks and threats • Must assess and adjust to new technologies, new threats: Guess.com

  18. Creating Vulnerabilities • Making sure that you do not create vulnerabilities • A system upgrade introduced a security vulnerability that allowed web users to access order history records and to view certain personal information: Tower

  19. Notice • Case-by-case determination of when appropriate • Sensitivity of information breached • Other parties besides consumers may best in best position to reduce harm

  20. Spam • Three-pronged approach • Research • Targeted Law Enforcement • Education

  21. Spam Research False Claims in Spam Study April 2003 • Two-thirds of spam appears to be deceptive on its face, and likely violates the FTC Act • Much of the rest is pornography or offers for illegal products or services • Only 16.5% of the spam did not sell an illegitimate product or service.

  22. Spam Research: False Claims in Spam Study • Most spam is not from large companies • Random sample of 114 pieces of spam: • None was sent by a Fortune 500 company • Only one was sent by a Fortune 1000 company • 95% confident that less than 5% of the 11.6 million pieces of spam in our database came from Fortune 1000 companies.

  23. Spam Law Enforcement • Targeted Law Enforcement • 62 cases addressing deceptive spam • Our spam database receives over 250,000 pieces of spam daily • Challenges presented by enforcement

  24. CAN-SPAM Cases • Phoenix Avatar, et al. • Alleged violations of the FTC Act and of CAN-SPAM • Cooperation with DOJ lead to a criminal indictment against all defendants • Global Web Promotions, et al. • Alleged violations of the FTC Act and of CAN-SPAM • Defendants located in Australia and New Zealand

  25. CAN-SPAM Rules and Reports • Additional rules interpreting certain CAN-Spam provisions • Studies • Do-Not-Email Registry • Special labeling of sexually explicit spam • Labeling of all spam • Bounty system to promote enforcement • Report to Congress due in 2 years

  26. Spam Education • Open Relay Project: Our first international effort to identify insecure mail servers • Operation Secure Your Server: Worldwide effort to close spammers’ access to anonymity

  27. WHAT CAN I EXPECT FROM THE FTC IN THE COMING YEAR?

  28. Top Priorities • Do Not Call Enforcement • FCRA • Information Security • Spam

  29. Federal Trade Commission For the Consumer 1-877-FTC-HELP www.ftc.gov

More Related