This past Friday, Commissioner Maureen K. Ohlhausen of the Federal Trade Commission participated in an “Ask Me Anything” (“AMA”) forum on the popular social news website, Reddit.com. One of the newer FTC Commissioners, Commissioner Ohlhausen joined the Commission in April 2012 after serving as a partner at Wilkinson Barker Knauer, LLP. The AMA generally focused on “the FTC’s approach to consumer privacy,” but the questions touched on a number of issues. Here are a few noteworthy highlights:
Transparency- It’s virtually impossible to discuss information privacy without discussing the NSA disclosures, and the Commissioner’s AMA was no exception. One user asked the question directly, “Does the government have the right to view your data? [Y/N].”
This is a critically important topic and is getting tremendous attention. Like you, every day I am reading accounts of what information is being collected and from whom. With respect to the FTC’s role however, our jurisdiction is over commercial privacy, not government privacy. With that said, it’s critical that policy makers act thoughtfully and appropriately to balance appropriate privacy concerns with the important job of protecting American citizens. It’s a very challenging task.
First Party and Third Party Sharing- Some users seemed concerned with third-party information sharing and what the FTC was doing “about data brokers and their ability to create profiles on users.”
We have also heard concerns about how consumer information is shared with third parties. In response, the Commission recently began a formal study of the data broker industry. We sent out formal requests for information to nine large data brokers to learn more about their practices, including how they use, share, and secure consumer data. It is vital that we have a good understanding of how data brokers operate because appropriate use of data can greatly benefit consumers through better services and convenience while inappropriate use or insecure maintenance of data could cause significant harm to consumers. We will carefully analyze the submissions from the companies and use the information to decide how to proceed in this area.
The Commissioner was also asked about information collected by apps and websites that is “not german[sic] to the apps[’] primary function.” Specifically, the user questioned “Why does Zynga [a popular app gaming company] get all my Facebook data if I just want to play Scramble with Friends?”
Speaking for myself, as long as the app or website has clearly disclosed to users what information it collects and how it may be shared, it is up to the user (assuming he or she is an adult) to decide whether or not to use that app or website. Offering different privacy options to consumers may spur competition among apps and websites, however, and increase choices for consumers with differing privacy preferences.
Small Company Compliance- One user asked how the FTC “could encourage small companies that collect consumer data to take the necessary expense of safeguarding the data.”
In many ways, good data security practices cost next to nothing. Shredding confidential paperwork, training staff to keep personal information safe, and limiting what you collect in the first place are all cost-effective examples. Here’s something else to consider. In the long run, NOT implementing reasonable data security can wind up costing small businesses even more. The FTC has free resources for small businesses at http://www.business.ftc.gov to help implement best practices at your company.
Proactive Consumer Protection: One question that was asked was what the “average consumer/citizen” can do to protect their privacy. Commissioner Ohlhausen seemed happy to respond.
The FTC has lots of suggestions for consumers on how to protect their privacy and foil identity thieves. Just a few tips: 1) Shred paperwork that includes personal information. 2) Keep your online virus and malware software up to date. 3) Don’t respond to unsolicited email that claims to be from your credit card company or bank. It’s likely a phishing scam. 4) Don’t give out your Social Security number without asking tough question like “Why do you need it?” and “How do you plan to keep my information secure?”
If your personal information has been breached, be sure to read your bills and statements line by line to watch out for unauthorized charges. And exercise your legal right to get a copy of our credit report at http://www.annualcreditreport.com. If you see accounts you didn’t open, contact the company immediately. For more privacy protection tips, visit http://www.ftc.gov/idtheft.
Overall, the Commissioner’s AMA seemed very informative, and will hopefully encourage other Commissioners to engage in similar forums with the consumers they are appointed to protect. That being said, the conversation had its light-hearted moments, too. When asked “There is a man reading this over my shoulder. How can I get him to back off,” the Commissioner responded, “This shows that privacy issues are not limited to the online world.”
The full AMA can be found here