Antitrust Section sponsors consumer protection conference focusing on enforcement trends and best business practices

The legal framework under which the Federal Trade Commission can enforce privacy and information securities matters includes not only Section 5 of the FTC Act but an “alphabet soup” of other laws, said FTC Commissioner Pamela Jones Harbour at a recent ABA CLE program in Washington, D.C. Harbour was speaking for herself and not in her capacity as a commissioner during “Privacy and Information Security—Enforcement Trends and Best Practices” on Jan. 29. The program was part of the Section of Antitrust Law’s inaugural conference examining consumer protection issues.

Joining Harbour on the panel were Reed Freeman, Washington, D.C., Trevor Hughes, director, International Association of Privacy Professionals in York, Maine; and Fran Maier, executive director of TRUSTe in San Francisco. Cleveland-based lawyer Thomas F. Zych served as moderator for the session.

Harbour pointed out that Section 5 deals with enforcing privacy by prohibiting unfair or deceptive practices, unfair practices being ones that cause substantial consumer injury. In addition to Section 5, the commission uses such laws as Gramm-Leach-Bliley, the Children’s Online Privacy Protection Act, “Do Not Call” legislation and CAN-SPAM, the Controlling the Assault of Non-Solicited Pornography and Marketing Act, as enforcement tools against privacy and security infringement. Freeman went into further detail about the number of cases involving data breach, spam, spyware, and pretexting, by which individuals or companies obtain personal information under false pretenses. A PowerPoint of Freeman's presentation has been posted.

Harbour pointed out some questions and tips that lawyers may want to consider posing to their clients: “Does your client promote consumer trust through its security measures?,” “Does your client conduct periodic audits?” and “Does your client collect information judiciously?” Hughes added that it’s important to consider not only your own practices but also the practices of one’s partners.

Despite the array of laws that exist, there are gaps, said Hughes. In enforcing breaches, he said, it may be difficult to show that harm was done. In addition, technologies emerge and move quickly. Outside of the statutes, Hughes asserted, consumers or businesses may demand more protective measures. Two such examples are the Online Privacy Alliance, which has set forth best practices of companies to protect individuals’ privacy, and the principles set forth by the Networking Advertising Initiative that include posting of a privacy notice and notices to consumers, and outlines enforcement mechanisms. During the panel, Maier also gave details about the non-profit TRUSTe’s efforts to ensure online trust via certification of monitoring of Web site privacy and email policies and its work to resolve consumer privacy problems.

Back to top