Kevin Moriarty from the Division of Privacy and Identity Protection of the Federal Trade Commission addressed the privacy conference on Wednesday. His discussion focused on the current FTC policy work, including workshops and privacy roundtables. Kevin reviewed historical cases brought under Section 5 of the FTC Act, and ended with words of advice to prevent your organization from becoming a target of an FTC enforcement action. He suggests you:
- Review the FTC website and use the Consumer Protection Resources. (Kevin said the FTC looks favorably on organizations that can show they have reviewed the site and used the resources provided.)
- Keep your promises; do what your privacy policy says you do.
- Share information only for permissible purposes.
- Dispose of information properly –don’t forget about paper!
- Keep up with common threats such as stolen credentials, SQL injection attacks, and access to Wi-Fi networks.
- Develop an incident response plan before you have an incident.
Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates.