Electronic Retailer - June 2012 - (Page 13)
FTC Releases Framework for the Future of Consumer Privacy
BY LESLEY FAIR
In a world of smartphones and smart grids, the smart money is on companies that play it smart with consumers’ information. Consistent with its 40 years’ experience protecting consumer privacy, the FTC’s new report — Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers — underscores that message and outlines a new privacy framework for the 21st century. The agency issued a Preliminary Report in December 2010 and received more than 450 comments from businesses, privacy advocates and consumers, including the Electronic Retailing Association and other industry groups. The Final Report retains the basic principles outlined previously, but with several important refinements: • Privacy by Design. From the get-go, companies should build privacy protections into their everyday business practices and into every stage of the development of products and services. That includes limiting data collection and retention, securing the information businesses hold on to, safely disposing of what they no longer need, and implementing reasonable measures to ensure information is accurate. • Simplified Choice. The preliminary report noted that elaborate “choice” mechanisms shouldn’t be necessary for certain “commonly accepted practices” – and may well get in the way of clarity. The final report refines that approach and concludes that choice needn’t be provided for data practices that people would expect, given the context of the transaction, the company’s relationship with the consumer, or as required or specifically authorized by law. What kinds of practices does the FTC have in mind? Things like product fulfillment and fraud prevention. But when choice counts, companies should offer it at a time and in a context that matters to people. Furthermore, companies should get people’s affirmative express consent before: 1) using consumer data in a way that’s materially different from what people were told when the information was collected; or 2) collecting sensitive data for certain purposes.
• Improved Transparency. Companies should increase the transparency of their data practices. What does the FTC have in mind? For example, businesses could develop clearer, more standardized privacy disclosures and could give people reasonable access to their information. The report also proposes important consumer protections with regard to data brokers. The report supports targeted legislation that would provide greater transparency about what they’re doing and calls on data brokers to explore creating a centralized website where data brokers could identify themselves and describe how they collect and use people’s information. The report also calls on Congress to consider enacting baseline privacy legislation, while urging industry to speed up the pace of self-regulation. What about businesses that don’t collect much information from consumers? To minimize the effect on those companies, the final framework doesn’t apply to them if they collect only non-sensitive data from fewer than 5,000 consumers a year, provided they don’t share the data with third parties. Looking for more on the subject? Bookmark the Privacy & Security portal at business.ftc.gov. Lesley Fair is an attorney with the FTC’s Bureau of Consumer Protection.
From the get-go, companies should build privacy protections into their everyday business practices and into every stage of the development of products and services.
June 2012 | electronicRETAILER
Table of Contents for the Digital Edition of Electronic Retailer - June 2012
Calendar of Events
Your Association,Your Bottom Line
IMS Retail Rankings
Jordan Whitney's Top Categories
Ask the Expert
From the Executive's Desk
Thinking Outside the Box
DRTV's New Best Practices
It's Time to Think Differently About Payment Processing
Electronic Retailer - June 2012