PogoWasRight.org


Article: Hoofnagle on Assessing the FTC’s Privacy Assessments

Posted on March 27, 2016 by pogowasright.org

Public Citizen helpfully noted a recent article by Chris Hoofnagle: Assessing the Federal Trade Commission’s Privacy Assessments, 14(2) IEEE Security & Privacy 58–64 (Mar/Apr. 2016).  

Here is the abstract:

Consumer protection regulators worldwide share basic problems: the companies that regulators police are so powerful and rich that fines do not matter. Consider the French with their €150,000 fine against Google in 2014. Efficacious fines against dominant platforms would have to rise to nine-figure levels to cause change, but consumer protection agencies generally lack the authority and political will to levy such fines.

As a result, consumer protection officials ensure compliance by monitoring defendant companies. However, even this is a challenge. Although consumer protection agencies such as the US Federal Trade Commission (FTC) have decades of experience in evaluating misleading advertising, information security and privacy oversight challenges differ from advertising matters.

Because information security and privacy issues are difficult to observe and, even if detected, difficult to understand, the FTC and other enforcement agencies rely on outside “assessments” by accounting and security consultants. These assessments evaluate the veracity of defendant company managers’ claims about privacy and security protection of consumer information. Accounting and security firms now have a lucrative and growing business in performing assessments required by the FTC and state attorneys general. In a real sense, consumer privacy worldwide depends on these assessments, as international regulators rely on the FTC’s oversight of companies serving consumers in other countries.

Unfortunately, assessments are misunderstood by many in the policy realm, who mistakenly see them as rigorous as a formal audit. The lack of knowledge of the differences between assessments and audits allows the FTC and respondent companies to tout assessments as an effective tool to improve practices.

In this article, I discuss efforts to oversee companies’ privacy and security programs through the lens of two assessment reports on TRENDnet and Google and offer five suggestions to increase accountability in the assessment process.

And by the way, if you haven’t read or ordered it yet, Chris has a new book out, Federal Trade Commission: Privacy Law and Policy.  I got my copy already and am looking forward to reading it.

Category: Govt
