When the Federal Trade Commission, in conjunction with the White House, promulgated its Consumer Privacy Bill of Rights in February 2012, one of the more intriguing considerations was that the FTC appeared to be setting up a matrix by which a company's voluntary decision to adopt that matrix could become the basis for an FTC enforcement action. Now, after several months, it should be back at the forefront of data security considerations for U.S. businesses.
Earlier this summer, the FTC used that matrix in authorizing a federal action against Wyndham Worldwide Corp. and three of its subsidiaries – a development that highlights a possible change in stance from FTC Commissioner J. Thomas Rosch and illustrates for businesses the importance of developing detailed data/privacy policies.
Rosch voted with a unanimous majority of FTC Commissioners to authorize the federal action against Wyndham, but had dissented from the same portion of the FTC's privacy report and recommendation, which accompanied the release of the Consumer Privacy Bill of Rights in February.
This apparent development at the FTC will bear continued observation across the United States business community, and, at the same time, presents an excellent opportunity for all companies handling sensitive data to conduct an immediate evaluation of their privacy/data security policies and practices to assure that their practices are in complete alignment with their policies. Specific issues of concern include:
Enforcement and litigation risks and developments; Contingency breach response planning (including breach notification efforts to affected persons and relevant governmental agencies); Incident response planning (including possible external forensic investigations and...