March 21, 2019

FTC report highlights privacy and data security enforcement and policy priorities

The Federal Trade Commission (FTC), the US’s chief privacy and data security enforcement agency, released its 2018 annual report highlighting the FTC’s recent enforcement, advocacy, and rulemaking activity.   In 2018, the FTC brought close to 40 enforcement actions addressing a wide range of privacy issues, including against: (1) a peer-to-peer payment company for misrepresenting its security systems and privacy settings; (2) a consumer reporting agency for failure to take reasonable steps to ensure the accuracy of information subject to the Fair Credit Reporting Act; (3) an electronic toy manufacturer for failure to implement adequate safeguards and for violating the Children’s Online Privacy Protection Act by collecting children’s data without obtaining parental consent; and (4) five separate companies for misrepresenting their certification status with the EU-US Privacy Shield Framework.   

The report also summarizes several of the FTC’s recent workshops and reports on topics including big data, artificial intelligence, mobile operating system patching, connected cars, informational injuries, and cybersecurity for small businesses.

FTC 2018 Privacy & Data Security Update