On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as well as guides data protection strategies for 2018. The report provides a detailed review of the FTC's areas of enforcement and international privacy protection updates, as well as the FTC's domestic educational and cyber initiatives in 2017.
As it is primarily an enforcement agency, the FTC recapped its 2017 enforcement efforts in the data privacy world. Most importantly, on Dec. 14, 2017, the FTC regained jurisdiction from the Federal Communications Commission to regulate internet access service (BIAS) providers. This represents a massive shift back to the FTC in data privacy enforcement jurisdiction. We previously discussed this decision and its impact in a recent blog post.
The FTC explained that the goal of enforcement is to protect consumer personal information. The FTC accomplishes this task by, for example, bringing privacy and data security cases against violating companies and compelling them to change their data security procedures to cover "implementation of comprehensive privacy and security programs, biennial assessments by independent experts, monetary redress to consumers, disgorgement of ill-gotten gains, deletion of illegally obtained consumer information, and providing robust transparency and choice mechanisms to consumers." The FTC conducted research and reporting through workshops and educational materials on best practices regarding data security. The FTC report provided descriptions of 2017 privacy and data security matters that the FTC prosecuted.
The FTC also recapped its international enforcement efforts. It sought enforcement actions under the...