Federal Trade Commission Act (FTC Act) Section 5 of the Federal Trade Commission Act (FTC Act, 15 U.S.C. § 45) is a federal consumer protection law that prohibits unfair or deceptive commercial practices and has been applied to business practices that affect consumer privacy and data security. The FTC is the most active federal agency relative to privacy matters and has initiated enforcement actions against businesses for, among other things: 1) failure to comply with statements made in their website privacy policies; 2) making material changes to privacy policies without adequate notice to consumers; and 3) failure to provide reasonable and appropriate security and protections to safeguard consumer information. Entities Subject to FTC Act. The FTC Act and related FTC-issued rules and guidelines apply to most companies and individuals doing business in the U.S. The Act does not focus on one specific industry or type of data. Type of Data Regulated. There is likewise no specific category or type of personal information that is regulated under the FTC Act. It broadly prohibits unfair and deceptive acts or practices that affect consumer personal information. Unfair or Deceptive . Section 5 of the FTC Act prohibits “unfair or deceptive trade practices in or affecting commerce.” The FTC has enforced the FTC Act against companies that have made false or deceptive claims about privacy and security of customer data. The FTC has brought several actions against companies that claimed in a privacy policy that they employed reasonable measures to protect customer data. The FTC concluded that the security measures used by the businesses were insufficient. Similarly, if a company states on its website that customer information will never be shared, that statement may be considered “deceptive” if the information is disclosed to third-party service providers or even to acquiring entities in an asset sale.
24
Made with FlippingBook - Online Brochure Maker