On December 1, 2010, the FTC released its long-awaited staff report on privacy. Although the FTC set out to develop a framework for applying its existing authority under Section 5 of the FTC Act to modern privacy practices, the report is long on recommendations, but short on which of those recommendations constitute Section 5 requirements. The FTC’s proposed framework consists of three major elements: (1) “privacy by design,” in which a company should incorporate substantive privacy and information security practices into its everyday business (e.g., collecting only the data needed for a specific business purpose); (2) simplified consumer choice with respect to non obvious or implied uses and disclosures of information; and (3) greater transparency, including reasonable access to clearer, shorter, and standardized privacy policies. The FTC expects to release a final report, which may be more concrete, later in 2011.