February 28, 2020

February 28, 2020

Subscribe to Latest Legal News and Analysis

February 27, 2020

Subscribe to Latest Legal News and Analysis

February 26, 2020

Subscribe to Latest Legal News and Analysis

FTC To Hold Workshop On Informational Injury

The FTC has announced that it will host a workshop on December 12, 2017 in Washington, D.C. to examine consumer injury in the context of privacy and data security.

In the workshop, the FTC plans to examine questions about the injury consumers suffer when information about them is exposed or misused such as “how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the tradeoffs involved in collecting, using, or providing information while also potentially increasing their exposure to injuries.”

The types of consumer harm that flow from data security and privacy breaches has significant implications both for government enforcement and private actions.  With regard to government enforcement actions, in remarks given in February 2017 soon after her appointment by President Trump as Acting FTC Chairman, Maureen Ohlhausen observed that a focus on consumer injury is important both in deciding what cases to bring and in determining what remedy to seek.  She stated that the FTC can best use its limited resources “by focusing on practices that are actually harming or likely to harm consumers” and used recent privacy and data security actions as examples of situations where the FTC “strayed from a focus on actual harm.”  She also criticized the FTC’s pursuit of disgorgement  that was “disproportionate to any consumer harm” and stated that she intended to “work to ensure that our enforcement actions target behaviors causing concrete consumer harm, and that remedies are tied to consumer harm.”

With regard to private actions, the issue of what types of consumer injury will satisfy Article III standing under the U.S. Supreme Court’s Spokeo decision continues to be litigated.  In Spokeo, the Supreme Court held that a plaintiff alleging a violation of the Fair Credit Reporting Act does not have Article III standing to sue for statutory damages in federal court unless the plaintiff can show that he or she suffered “concrete,” “real” harm as a result of the violation.

In advance of the workshop, the FTC is seeking comment by October 27 on the issues to be covered by the workshop, including the following questions:

  • What are the qualitatively different types of injuries from privacy and data security incidents?  What are some real life examples of these types of informational injury to consumers and to businesses?

  • What frameworks might we use to assess these different injuries?  How do we quantify injuries?  How might frameworks treat past, current, and potential future outcomes in quantifying injury?  How might frameworks differ for different types of injury?

  • How do businesses evaluate the benefits, costs, and risks of collecting and using information in light of potential injuries?  How do they make tradeoffs? How do they assess the risks of different kinds of data breach?  What market and legal incentives do they face, and how do these incentives affect their decisions?

  • How do consumers perceive and evaluate the benefits, costs, and risks of sharing information in light of potential injuries?  What obstacles do they face in conducting such an evaluation?  How do they evaluate tradeoffs?

Copyright © by Ballard Spahr LLP

TRENDING LEGAL ANALYSIS


About this Author

Kim Phan, Ballard Spahr Law Firm, Washington DC, Business and Finance Law Attorney
Of Counsel

Kim Phan writes and speaks frequently about privacy and data security issues for a variety of industries, including consumer financial services, retail, hospitality, higher education, and utilities. Ms. Phan counsels clients on privacy and data security law in areas including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), and other federal and state privacy and data security statutes and regulations. Her work in this area encompasses strategic planning and guidance for companies to incorporate...

202-661-2286