Meeting with the FTC in a Simulated Informal Investigation
On Thursday, March 8, 2012 at the IAPP Global Privacy Summit, FPF’s Christopher Wolf sat down with Christopher N. Olsen, Assistant Director in the Division of Privacy and Identity Protection at the FTC. Together, they hashed out the do’s and don’ts of when companies might be subject to FTC enforcement. The clear answer is to comply with the FTC’s requests as much as feasibly possible. But what does that really mean for a company or its representing counsel? When and how should counsel go about negotiating with the Commission? Chris Wolf asked Olsen these practical questions and more regarding best courses of action, yielding important and valuable information for companies and their representing counsels facing potential FTC investigation or enforcement.
- It is better to reach out than to wait to be contacted. If your company might be subject to FTC enforcement due to a breach or other privacy problem, it is better to be proactive and contact FTC staff to discuss the situation. Companies should be open to fielding the FTC’s questions, even if they don’t have all the answers yet.
- Expect the FTC to Refrain from “Fishing.” The FTC has a right to investigate matters that can be reasonably tied to a breach or privacy issue. “If you can demonstrate that a request is so remote from any potential data security vulnerability that was at play, that’s an area where we may show some flexibility,” said Olsen.
- Stay in touch with the FTC during an investigation. Following up with FTC staff monthly may be a good idea to get a sense of whether your company is likely to be a target of enforcement.
- When dealing with the FTC, always attempt to first resolve issues with FTC line staff. Do not automatically go up the chain of command. Even if you know senior FTC staff, follow proper protocol and attempt to resolve issues with FTC staff first. Going over heads is distinctly frowned upon.
Also at IAPP, Tanya Forsheit, Founding Partner at InfoLawGroup LLP, presented on a panel titled, “The Ethos of Lawyers in a Networked World: Privacy, Privilege and Evolving Parameters.” Forsheit brought to light the implications of comments added in the ABA Commission on Ethics 20/20, providing that lawyers should keep abreast of changes, including risks associated with technology. Lawyers should be responsible when storing or transmitting confidential information through cloud computing, said Forsheit.
-Lia Sheena