Looking for guidance on privacy and data security?
Federal Trade Commission Chairwoman Edith Ramirez offered three tips to businesses at a recent speech at the Law and Information Society Symposium at Fordham Law School.
First, companies must ensure that privacy remains top of mind companywide. Employees must be aware of and trained on the issue of privacy, with designated personnel assigned to the task. Companies should also regularly assess how the company’s practices, products, and services impact consumer privacy.
“Companies should only collect the data they need for the specific purpose and then dispose of it,” the Chairwoman told attendees. “I question the notion that we must put sensitive consumer data at risk at the chance a company might someday discover a valuable use for that information.”
Her second piece of advice: Consumers should be provided with “meaningful notice” and choice about the unanticipated use of their data. Ramirez acknowledged that sharing disclosures with consumers can be challenging in new products, but emphasized that it still needs to be done (offering suggestions such as video tutorials or “privacy dashboards”).
“The ingenuity that brought us these new technologies can also develop effective ways to provide notice to consumers on mobile phones, where small screens are often a challenge, and on Internet of Things devices that often may have no consumer interface at all,” the Chairwoman explained.
Finally, Ramirez said companies should renew their focus on data security, in particular the growing number of new technologies such as mobile payments and the Internet of Things. Specifically, she advised that businesses incorporate security by design, a practice that covers the lifecycle of a product, that they test prior to launch and encrypt data in transit and at rest, and that they patch known vulnerabilities if (or when) they occur.
“If you look at the 50 data security actions the FTC has brought over the last several years, it really reflects that companies, in my view, aren’t paying attention to some of the key fundamentals when it comes to data security,” Ramirez said. “So I think that’s one of our most significant challenges.”
Why it matters: “We have an important opportunity to ensure that new technologies that have the potential to provide enormous benefits develop in a way that also protects consumer information,” Ramirez told attendees. “If companies commit to the steps that I’ve outlined, I think we can go a long way to addressing some of the key global privacy challenges that we face.”