The Federal Trade Commission (FTC) has taken a number of enforcement actions alleging that seemingly innocuous statements in privacy notices were “deceptive.” In particular, companies that post privacy notices online where the FTC can easily access and analyze them have been subject to enforcement actions when those notices are deemed deficient. If your organization posts a privacy notice online (as it is likely required by law to do), you should be aware of the risks and take steps to prevent FTC scrutiny.
One recent enforcement action against Twitter highlighted a statement in the privacy notice saying, “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.” The FTC alleged that statement was deceptive. Many websites say something similar. So what was the problem here?
Please see full publication below for more information.