Chapter 3 - Federal & State Regulators and Enforcement of Privacy Law Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

2 key agencies in US privacy law

A

1- FTC

2-FCC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Single most important piece of US privacy law is

A

Section 5 of the FTC Act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Section 5 of the FTC Act states…

A

“unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Section 5 of the FTC Act does NOT apply to…

A

nonprofit organizations, or to certain industries including banks, other federally regulated financial institutions, and common carriers such as the transportation and communications industries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

FTC’s investigatory authority include:

A

1- authority to subpoena witnesses
2-authority to demand civil investigation
3- authority to require businesses to submit written reports under oath.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An order by the FTC commission becomes final when?

A

60 days after it is served on the company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the FTC enforcement process once a violation has been identified?

A

1- the commission issues a complaint
2- an administrative trial proceeds before an ALJ
3- If a violation is found, ALJ can enjoin the company from continuing practices that caused the violation
4- the decision of ALJ can be appealed to the five commissioners
5- the decision of the five commissioners can be appealed to the federal district court

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Can the FTC assess civil penalties?

A

No, but the FTC can seek civil penalties in federal court of up to $40,654 per violation and can seek compensation for those harmed by an unfair or deceptive practice; each violation of an order is treated as a separate offense and each day the violator fails to comply with the order is considered a separate offense.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How are FTC enforcement actions usually settled?

A

Through consent decrees and consent orders

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

3 Advantages of Consent Decrees

A

1- consent decree incorporate good privacy and security practices
2- avoids the expense and delay of a trial
3- gains an enforcement advantage because monetary fines are easier to assess in federal court if a company violates a consent decree than if no decree is in place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How long can a consent decree be imposed?

A

Up to 20 years per the FTC’s Sunset Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What constitutes a “deceptive practice”

A

it involves a material statement or omission that is likely to mislead consumers who are acting reasonably under the circumstances; includes false promises, misrepresentations and failures to comply with representations made to consumers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Describe “unfair practices” in the privacy realm

A
  1. Companies have to be proactive and must make reasonable efforts to protect personal information
  2. If a company publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits for their business.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

FTC states that reasonable data security practices include at least 5 principles:

A

1- companies should be aware of what consumer info they have and who has legitimate access to the data

2- companies should limit the info they collect and maintain for their legitimate business purposes

3- companies should protect the info they maintain by assessing risk and by implementing procedures for electronic security, physical security, employee training and vendor management

4- companies should properly dispose of information they no longer need

5- companies should have a plan in place to respond to security incidents, in case they occur

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

FTC considers what 3 factors in assessing a company’s data security measure:

A

1 - the volume and sensitivity of consumer information the company holds

2- the complexity and breadth of its data operations

3- the cost of tools available to reduce vulnerabilities and improve security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

FTC trend re: “Unfair Practices” analysis per 2015 Report:

A

whether the company unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access

17
Q

FTC general trend re: privacy enforcement

A

The FTC has evolved from focusing on deceptive practices to a more comprehensive approach– moving beyond punishment of violators to requiring the implementation of best practices in privacy and security