Washington, DC - The FCC asked – and we answered. Underway at the Federal Communications Commission is a proposed privacy rulemaking for broadband internet access service providers. The FCC sought public comment on the proposal and the staff of the FTC’s Bureau of Consumer Protection has offered its perspectives.

You’ll want to read the full comment, but here’s a back-of-the-envelope recap. The staff comment opens with the can’t-be-denied fact that consumers care about privacy and security. The massive collection and storage of personal information, the risk of identity theft, the release of sensitive stuff people view as private, and the potential use of data by employers, insurers, creditors, and others are just some of their concerns. To the extent that trepidations deter consumers from doing business online, companies may be concerned, too.

That’s why the FTC has brought over 500 cases so far to protect consumer privacy and security, including actions challenging deceptive privacy promises, illegal spyware, Do Not Call violations, and unreasonable data security practices, to name just a few. We’ve followed up with nuts-and-bolts guidance for business about complying with the law. In addition, we’ve used a variety of methods – websites, videos, conferences, publications, games, reports, etc. – to educate consumers about steps they can take to protect their personal information.

The most important takeaway is that FTC staff supports the FCC’s focus on what we’ve always seen as the core consumer protection values in this area: transparency, consumer choice, and data security. But the comment doesn’t just offer a 10,000-foot perspective. It presents brass-tacks suggestions about:

  • the definition of “personally identifiable information” (PII);
  • the potential for a standardized privacy notice that is the product of consumer testing;
  • opt-in vs. opt-out consent - what works best when;
  • the benefits of just-in-time choice for consumers and the use of dashboards or similar tools to make it easier for them to select or change their choices;
  • the importance of data security, including written information security programs and safe disposal; and
  • timely and meaningful breach notification.