FTC Commissioner talks online privacy, puts data brokers on notice
- 27 January, 2012 09:18
As the Federal Trade Commission prepares to release a new framework of privacy principles to prod the Internet industry toward tighter protections for consumers' online data, one of the agency's commissioners said that she has grown particularly alarmed at the unchecked actions of data brokers to mine, analyze and potentially sell sensitive information.
Speaking at the George Washington University law school to mark Data Privacy Day, FTC Commissioner Julie Brill warned that companies engaged in the collection and sale of consumer data can expect closer scrutiny from the agency as it moves broadly to step up its efforts in the privacy arena.
Those concerns are heightened when reports bubble up about data brokers pairing online and offline information and packaging it into a predictive model that a life insurance provider, for instance, could use to shape the terms of a policy.
"Analysts are undoubtedly working right now to identify certain Facebook or Twitter habits or activities as predictive of behaviors relevant to whether a person is a good or trustworthy employee, or is likely to pay back a loan," Brill said. "Might there not be a day very soon when these analysts offer to sell information scraped from social networks to current and potential employers to be used to determine whether you'll get a job or promotion? Or to the bank, where you've applied for a loan, to help it determine whether to give you the loan and on what terms?"
In December 2010, the FTC released a preliminary report offering basic guidance for policymakers and members of Congress on a set of principles the agency had developed after a series of meetings with industry stakeholders, businesses, industry groups and others. That report laid out a series of proposals for protecting consumer privacy, including the idea of a do-not-track mechanism that would allow users to opt out of data collection programs patterned after the national do-not-call registry for telemarketers, with the final framework expected to be released early this year.
Brill indicated that the final report, which will formally stand as a set of nonbinding recommendations, will reinforce the guiding principles that animated the preliminary proposals, namely that companies should incorporate privacy by design as they develop new products, services and policies, and that users should be given the choice not to share information and businesses should make their data collection activities transparent.
While many Web companies and advertising outfits have taken steps to give users more insight into their profiles and control over what information is collected, privacy advocates continue to call on the FTC to take a tougher stance on the issue. And in certain instances it has. The agency last year reached high-profile settlements with Google and Facebook over complaints of unfair and deceptive practices and misleading disclosures, for instance, agreements through which the companies will submit to periodic reviews by an independent auditor, among other conditions. Asked about Google's recent changes to its privacy policies, Brill declined to comment, citing the consent agreement her agency reached with the search giant. "It is something that is certainly of interest," she said.
Data Brokers a Quiet Threat
While the privacy practices of the Internet heavyweights often command the headlines, Brill sees in data brokers a much lesser-known threat to consumer privacy, given that those outfits largely operate behind the scenes.
"I am calling on data brokers to take the transparency principle and put it into practice," Brill said, urging industry players to collaborate on a set of best practices, much as online advertisers have.
"Develop a user-friendly, one-stop shop where consumers can gain access to information that data brokers have amassed about them and, in appropriate circumstances, give consumers the ability to correct that information," she added. "Data brokers need to get cracking now to put something like this into place."
In practice, the FTC's enforcement authority in the area of online consumer privacy is limited without action on the part of Congress, and most observers agree that it is highly unlikely that any of the various legislative proposals that have been floated to address the issue will gain political momentum in this election-shortened session.
However, the agency does have its own established mandates through which it can bring enforcement actions, as it did in the cases of Facebook and Google. Brill signaled that data brokers can expect similar scrutiny, though she acknowledged that the industry remains shadowy, and that many of the businesses engaged in data dealing might not even be aware that they are operating in a regulated market.
"We don't know who all of them are," she said. "Many of the data brokers ... may not realize that they are engaging in activities that may fall under the Fair Credit Reporting Act."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow everything from CIO.com on Twitter @CIOonline
Read more about government in CIO's Government Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
CIOs say cost, complexity impede true mobile gains in enterprise
The enlightened CIO’s guide to running projects
The enlightened CIO’s guide to running projects
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Leveraging DCIM Software
Business executives are challenging their IT staffs to convert costly data centres into producers of business value. Only with higher visibility, more control and improved automation of reporting systems can help deliver on this commitment. Holistic management capabilities available today can enable data centre professionals to maximize their capacity to control their energy costs and to advise the business on how to utilize IT assets more effectively. This paper demonstrates how data centre infrastructure management (DCIM) software tools can simplify operational processes, cut costs, and speed up information delivery.
Unleashing the Power of Information
If business-relevant information is not well managed, secured and analysed, it can become an underutilized asset or—worst case—a legal and competitive liability. Nearly all of the IT and business executives who responded to a recent survey recognise this risk, and say they understand the importance of having an enterprise information management (EIM) strategy. Find out more on how to reduce costs, improve competitiveness and avoid risk by making information management an enterprisewide strategic priority.
Managing Web Security in an Increasingly Challenging Threat Landscape
Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Those who would do harm to our computer systems for profit or malice always manage to focus their efforts on our most vulnerable weak spots. Today, that is the web, for a wide number of reasons. Download to find out why and what you can do to protect yourself.