ScherzerBlog | Scherzer International

On December 1, 2010, the Federal Trade Commission (FTC) released its long-awaited preliminary report on the protection of consumer privacy titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.” The FTC is seeking input on this proposal and intends to issue a final report sometime in 2011.

The report, which covers both online and offline data collection and use, reiterates certain concrete steps that the FTC believes organizations should take related to choice and transparency and also provides broad guidance that applies to all commercial entities that collect or use consumer data, including companies that do not interact directly with consumers, such as information brokers. The framework is not limited to personally identifiable information (PII); it applies to all consumer data that can be linked to a specific individual or to a computer or other device.

Focusing on new and growing threats to consumer privacy driven by innovations that rely on consumer data, the proposal outlines a three-step framework for data protection:

1) Privacy by Design – Organizations should integrate privacy concepts into every stage of the life-cycle of their products and services, develop marketing initiatives and data-sharing activities based on privacy guidance from the inception of such projects, and develop and maintain comprehensive information programs to protect and manage consumer data within the organization itself. Data security, reasonable collection limits, sound retention practices, and data accuracy are critical program components.

2) Choice – Organizations should offer clear and easy-to-use choice mechanisms at the point when the consumer is making a decision about his/her data, such as at the point of collection, implement a “do not track” mechanism, such as a persistent web browser setting that allows consumers to block all tracking of their online activities, obtain consumer consent before sharing data for marketing purposes with third parties or even with its affiliates if the affiliate relationship is not clear to consumers, and require enhanced consent for sensitive information, such as data about children, financial and medical information, and precise geolocation data.

3) Transparency – While privacy policies remain a critical tool for notifying consumers (and regulators) of an organization’s privacy practices, in general, most privacy polices need to be streamlined and simplified, and organizations must obtain consumer consent before implementing a change in policy that affects previously collected data. Organizations also should explore mechanisms for providing consumers with access to their data.

On December 6, 2010, the Financial Fraud Enforcement Task Force announced the conclusion of Operation Broken Trust, the largest investment fraud sweep ever conducted in the United Stated. Started August 16, 2010, the operation captured 343 criminal defendants and 189 civil defendants who were involved in fraud schemes that harmed more than 120,000 victims throughout the country. The criminal cases involved more than $8.3 billion in estimated losses and the civil cases more than $2.1 billion. Eighty-seven defendants have been sentenced to prison, including several who will serve more than 20 years.

The sweep focused on fraudsters who offered “investment opportunities” that were either completely fictitious or not structured as advertised. An overwhelming number of these were high-yield investment frauds and Ponzi schemes. Others involved commodities fraud, foreign exchange fraud, market manipulation (pump-and-dump schemes), real estate investment fraud, business opportunity fraud, and affinity fraud. Some of the perpetrators filed for bankruptcy in an attempt to avoid claims by victimized investors. In many instances, the criminals were trusted people within their communities—neighbors, co-workers, fellow church members—who betrayed that trust in order to line their own pockets.