rent, sell, or otherwise disclose personal information to third parties, but then it does. Enforcement. The FTC is the primary enforcer of the FTC Act and is also responsible for the enforcement of some other federal privacy laws for businesses that are not subject to other federal regulations, including GLBA, COPPA, FCRA, and FACTA. Actions the FTC can take include: 1) starting an investigation; 2) issuing a cease-and-desist order; or 3) referring to the Department of Justice for filing a complaint in court. Sanctions and Other Liability. The FTC Act provides penalties of up to $16,000 per offense. Criminal penalties include imprisonment for up to ten years. The FTC can also: 1) obtain injunctions; 2) provide restitution to consumers; and 3) require repayment of investigation and prosecution costs. Persons and entities who obtain, attempt to obtain, cause to be disclosed, or attempt to cause to be disclosed customer information of a financial institution (relating to another person) through false, fictitious, or fraudulent means, can be subjected to fines and imprisoned for up to five years. Criminal penalties of up to ten years’ imprisonment and fines of up to $500,000 (for an individual) or $1 million (for a company) may be imposed if the acts are committed or attempted while violating another U.S. law, or as part of a pattern of illegal activity involving more than $100,000 in a year. FTC Enforcement Actions. Important lessons can be learned from previous FTC investigations, settlements, and consent decrees. Settlements with the FTC and other government agencies also often provide for onerous reporting requirements, audits, and monitoring by third parties. Most FTC consent decrees include a 20-year term with regular audits of the company privacy practices. By reviewing these FTC actions and consent decrees, a business might learn what activities might be challenged by the FTC. Notable examples of FTC enforcement actions include:
27
Made with FlippingBook - Online Brochure Maker