Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Dec. 4 — A group of Federal Trade Commission officials and corporate attorneys Dec. 3 discussed how companies can best navigate the FTC's privacy and data security enforcement waters.
The FTC's civil investigative demand process is about “burden and efficiency,” or providing the FTC with the documents it needs with the least burden on the company subject to the investigation, Michael Lamb, chief counsel for privacy and information governance at Reed Elsevier Group Plc, said at a conference sponsored by the International Association of Privacy Professionals.
The FTC has several tools at its disposal for investigating a company's privacy and data security practices. The most common tool is the civil investigative demand (CID), Mark Eichorn, assistant director of the Division of Privacy and Identity Protection in the FTC's Bureau of Consumer Protection, said.
Other investigative tools include access letters and requests for information under Section 6(b) of the FTC Act, 15 U.S.C. § 46, Eichorn said.
Recognizing that companies offer very good services and products, the FTC doesn't “want to impose an undue burden” during investigations, Eichorn said. However, “we need to find the types of information we need to find,” he said.
“We expect people to be forthright and not hide the ball,” he added.
Eichorn said that a “substantial majority” of his division's cases involving CIDs haven't resulted in complaints being issued.
D. Reed Freeman, partner at Morrison & Foerster LLP in Washington and the panel's moderator, asked the panelists how companies should prepare themselves before a privacy or data security problem arises.
Not only must a company have good privacy and data security practices, but those practices must be “really well documented,” Lamb said.
A privacy and security governance program should also have a formal process for approving any exceptions, Lamb added.
Both Lamb and Marc Zwillinger, founder and managing member at ZwillGen PLLC in Washington, emphasized the importance of determining how an organization hires and uses outside experts before any FTC investigation is initiated.
Freeman added that he often sends to clients a list of things they shouldn't do.
Freeman pointed out that parties must meet and confer with FTC staff within 14 days of receiving a CID under the FTC's amended Rules of Practice.
Counsel should aim to determine how the commission's inquiry can be narrowed, Emilio Cividanes, a partner at Venable LLP in Washington, said.
Prior to the meeting with FTC staff, Zwillinger said he spends a lot of time with clients. He also said that he organizes the CID on an Excel spreadsheet, categorizing the items requested by the FTC based on what is in scope and what the company can obtain.
Keeping the FTC away from a “treasure trove” of documents won't succeed, Lamb said.
Freeman agreed. Other than lying to the commission, the worst thing a company can do is withhold documents, he said.
During the production process, don't surprise the FTC staff and keep them informed, Cividanes said. Producing documents every month, or using a “rolling deadline,” is important, he added.
Zwillinger said he likes to negotiate a 30 day-60 day-90 day document production schedule with the FTC staff. He said he never misses the first 30-day production deadline.
By the second or third production, a company should also tell a narrative along with producing the documents, Zwillinger said.
Eichorn also encouraged companies to tell their stories. He added that the FTC staff tries to be reasonable in granting extensions of production deadlines. But a company should “really be on top of what you need to get together,” and the staff doesn't want last minute calls, he said.
The panelists' answers concerning whether they submitted a white paper to the FTC after completing document production varied. Cividanes said his firm has used both white papers and PowerPoint slides and said the form of the presentation depends on the production.
But Zwillinger said he never submits a white paper and uses a PowerPoint presentation instead. Lamb also said that he doesn't use white papers, calling them the “wrong tool for interaction.”
If a company is under investigation and is called to testify before Congress, it should be consistent with what it tells the FTC and the Hill, Cividanes said. Zwillinger encouraged companies and their counsel to “stay at 30,000 feet” and remain “in the middle of the pack” when testifying before the Hill.
Freeman asked whether a draft complaint and proposed consent order from the FTC staff are nonnegotiable. Zwillinger said that he finds that there is typically “some room to negotiate” and encouraged counsel to approach the proposal as a “problem-solver.”
Lamb said he has learned two lessons in dealing with the FTC. “Don't surprise them,” and “be forthcoming,” he said.
To contact the reporter on this story: Katie W. Johnson in Washington at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)