FTC Set to Adopt New Rules to Speed Up Investigations, But Will They Work?

by Foley Hoag LLP - Trademark, Copyright & Unfair Competition

The Federal Trade Commission recently finalized changes to its investigative procedures. The changes are intended to streamline a process that has, in recent years, become increasingly lengthy and unwieldy. The driving force behind the changes, which will become effective November 9, 2012, is the ever-increasing pace of technology, in particular its effect on the amount of electronic data that a respondent must comb through when it finds itself the target of a Commission investigation.

The Current Process

Typically, the Commission commences an investigation by serving a Civil Investigative Demand (“CID”) on the target of the investigation (the “respondent”). A CID is similar to a subpoena. It bears the seal of the Commission, identifies the name and address of the respondent, identifies categories of documents that a respondent must produce (“documents specifications”), includes formal questions that the respondent must answer in writing (“interrogatory specifications”), and identifies a date by which production must occur. Often, the production date is just a few weeks after the CID is served. Given that CIDs often include dozens of document and interrogatory specifications, the printed compliance dates are seldom true reflections of when compliance must occur. In some instances, respondents might spend many months or more responding to a CID, not including additional investigative time resulting from additional CIDs requesting more documents or oral testimony.

There are several factors that play in to lengthy investigations, but two bear specific mention. First – and this won’t come as a shock to anyone – the amount of data accessible to respondents these days is vast, almost unfathomable, due to the explosion of electronically-stored information (“ESI”). Notably, the FTC includes ESI in its definition of “document,” meaning that a response to a request for, say, “all documents relating to consumer complaints” will likely require electronic searching of numerous email accounts, customer service databases, electronically-stored correspondence, recordings of customer service calls, customer comments on the respondent’s social media sites, and possibly much more.

Second, against the backdrop of a massive source of potentially responsive documents, there is the requirement that, upon completion of production, the respondent must certify that “all of the documents and information required by the … Civil Investigative Demand which are in the possession, custody, control, or knowledge of the person to whom the demand is directed have been submitted to [the Commission].” Such a certification is a statement to the federal government, and the consequences of a false certification can be severe. Accordingly, respondents are under a great deal of pressure to ensure that their methodology for searching and producing documents to the FTC is sound. And this takes time.

The Forthcoming Changes and Why They Are Not Likely To Speed Up Investigations

To deal with increasing delays, the FTC has made a number of changes to Part 2 of its Rules of Practice (Non-adjudicative Procedures).  At a high level, those changes include the following:

  • Explicitly stating Commission’s expectation that “all parties [will] engage in meaningful discussions with staff to prevent confusion or misunderstanding regarding the nature and scope of the information and materials being sought”;
  • Requiring respondents to meet and confer with staff within fourteen days after receipt of a CID to address and attempt to resolve potential problems related to document production;
  • Conditioning extensions of time to comply with a CID on a respondent’s demonstration of progress towards compliance; and
  • Providing Commission staff with the authority to inspect, copy, or sample documentary materials—including ESI—to ensure that the parties are employing viable search terms and compliance methods.

Among the more controversial amendments is the last one. Providing Commission staff access to a respondent’s ESI generally is potentially problematic for a number of reasons: (1) it creates a risk that the staff will access information protected from disclosure by the attorney-client privilege or work product doctrine; (2) it allows the staff to access and possess information that has no relevance to the subject matter of the investigation, including information that may contain trade secrets, personally identifiable information and other forms of sensitive data; and (3) it creates a risk of inadvertent exposure or dissemination of such data (whether by delivery of a copy or providing staff attorneys access to a data source).

Ironically, the “inspection, copying, and sampling” provision has the potential for increasing the time, scope, burden, and expense of the investigation by requiring measures to deal with each of the risks outlined above. For example, in response to criticism from commenters on the proposed change, the FTC suggested implementation of a so-called “taint team,” which would segregate privileged material included in the sample data. As anyone who has been involved in one knows, privilege reviews are notoriously time-consuming because of the risk that privileged documents that inadvertently slip through the cracks could pose a risk of waiver either in the context of a government investigation or a subsequent civil action. Similarly, any sample data provided to the Commission must be screened for personally identifiable information or other forms of sensitive data. (Current Commission CIDs require respondents to take measures to redact such information before production.) There is often no easy way to locate personally identifiable information and, while there are alternatives to line-by-line review (e.g., production of encrypted materials), this approach is not foolproof. The mere act of copying and transmitting data presents risk of a data breach.

Key Takeaways

As with any form of governmental compulsory process, receipt of a CID is a big deal and should be taken very seriously. If you or your organization receives a CID, you should treat it as a matter of top priority and seek the assistance of counsel experienced in responding to such demands. Experienced counsel will often be able to narrow the scope of the demand and minimize the burden and cost of what can be a time-consuming process.

Although the Commission’s attempt to streamline its investigative process is a positive step, it seems unlikely that it will have an appreciable impact. However, respondents should try to tap into the Commission’s desire to speed up investigations by offering to meet with Commission staff as soon as possible after receipt of a CID, by determining the documents or information that the Commission is most interested in seeing (i.e., in the case of advertising claims, almost always claim substantiation), and making every effort to provide such information promptly. As for the remaining requests, respondents should seek to narrow the sources of ESI, the number of custodians, and proposed search terms and methodologies as much as possible to avoid weeks or months of electronic review and production.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Trademark, Copyright & Unfair Competition | Attorney Advertising

Written by:

Foley Hoag LLP - Trademark, Copyright & Unfair Competition

Foley Hoag LLP - Trademark, Copyright & Unfair Competition on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.