Entities Subject to FTC Act. The FTC Act and related FTC-issued rules and guidelines apply to most companies and individuals doing business in the U.S. The Act does not focus on one specific industry or type of data. Type of Data Regulated. There is likewise no specific category or type of personal information that is regulated under the FTC Act. It broadly prohibits unfair and deceptive acts or practices that affect consumer personal information. Unfair or Deceptive . Section 5 of the FTC Act prohibits “unfair or deceptive trade practices in or affecting commerce.” The FTC has enforced the FTC Act against companies that have made false or deceptive claims about privacy and security of customer data. The FTC has brought several actions against companies that claimed in a privacy policy that they employed reasonable measures to protect customer data. The FTC concluded that the security measures used by the businesses were insufficient. Similarly, if a company states on its website that customer information will never be shared, that statement may be considered “deceptive” if the information is disclosed to third-party service providers or even to acquiring entities in an asset sale. A good way to learn how to avoid an FTC enforcement action is to review the FTC actions and determine what activities caused concern. We have listed a few of these FTC actions in this Guide. More details on FTC enforcement and consent decrees can be found at the FTC website. Privacy Notices and Policies. Although the FTC Act does not specifically require that a “Privacy Notice” be posted on a company’s website, the FTC has consistently maintained the position that the use or dissemination of personal information contrary to a posted privacy policy is a deceptive trade practice under the FTC Act. The key to compliance with the FTC Act is therefore to make sure that your website privacy statement or notice is consistent with actual practice. The easiest way to get in trouble with the FTC for a violation of the FTC Act is to have a privacy policy on a website that suggests that no personal information will be shared with any third party when such information is actually shared. 24
Made with FlippingBook - Online Brochure Maker