As data privacy laws amp up in 2023, more regulatory bodies are getting involved. The latest to make a splash? The Federal Trade Commission (FTC). Don’t get us wrong – they’ve been around the whole time, but this year, they are really cracking down.
On their website, the FTC states:
“If your company makes privacy promises – either expressly or by implication – the FTC Act requires you to live up to those claims. In addition, even if you don't make specific claims, you still have an obligation to maintain security that's appropriate in light of the nature of the data you possess.”
As you can see, the FTC is not playing around. Below, we’ll review a few big companies that received hefty fines, restrictions, and extra scrutiny from the FTC in 2022 – but don’t be fooled into thinking that small to mid-sized businesses are out of their purview.
Every company that collects, handles, shares, or stores data from end users is indeed obligated to follow the rules set forth by the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), and many, many more.
FTC enforcement in 2022
2022 was a big year for privacy enforcement. Here’s a quick recap:
Epic Games, Inc. was fined $275M for violating children’s privacy laws and changing default privacy settings.
Chegg Inc. came under fire for failing to disclose and protect data breaches, resulting in compromised information for both employees and customers.
Drizly LLC is being carefully scrutinized and must follow extra steps and precautions due to not observing data privacy laws.
CafePress Inc. settled with the FTC for just about a half million dollars in June, 2022 over failing to secure sensitive personal information of customers, including Social Security numbers.
I didn’t hear about this until just now. Is my business in trouble?
The issue of data privacy has been top of mind in the last few years. This is in part due to the global pandemic, which forced many consumers to perform ordinary, daily functions online instead of in person (e.g., healthcare appointments, driver license renewal, remote work, etc.).
However, the FTC has issued an ample number of warnings over the years, even before the pandemic began. In 2023, there is no excuse for any businesses to have their head buried in the sand when it comes to this issue. Not only is data privacy better for your business, it’s also better for your customers.
Behind every business are an owner and employees – real people who are also consumers and want their privacy respected as well. Your business very well could be in trouble if you put the issue of data privacy off or think that it won’t affect you. Eventually, that mindset will catch up to you, and the punishments will be more severe.
There are a few ways you can take a proactive stance to stay in compliance and stay out of the FTCs line of fire.
Respond quickly to privacy breaches and concerns
One of the big complaints about Drizly, LLC was that they received information about a possible data breach and privacy concerns were raised. However, they did not respond to them or do anything to rectify the situation.
The FTC was particularly hard on them because of that alone. Had Drizly been transparent with their customers and regulatory bodies, laid out a rectification plan, and acted on it, they wouldn’t be in the situation they are in today.
Set up a plan now – and follow it to the letter
Today, it’s not a matter of “if” a privacy breach occurs – it’s a matter of “when”. What safeguards does your business have in place when that happens? Are your privacy policies up to date? Do you know what you’ll say to customers? Do you have the funding to retrieve, delete, or otherwise invest in cybersecurity? All these questions need to be answered with a solid plan of action that can be swiftly executed.
Educate your employees and contractors
Ongoing training into data privacy laws and procedures should be enacted for all employees, contractors, or anyone who has access to sensitive personal information of your end users. This includes logins, passwords, multi-factor authentication and more. Ongoing training to ensure that everyone working for your company has basic knowledge of your policies and procedures is key.
Prioritize children’s data
The FTC is especially interested in protecting children’s data under the Children’s Online Privacy Protection Act (COPPA). This applies to anyone under 13 who is using or accessing your products and services. Many, if not all, data privacy laws state that children under 13 must gain explicit parental consent before using your services – and it’s up to you to make sure that happens. If your products and services are aimed at children, privacy by design is an important principle to adopt.
Final take
The FTC is cracking down hard on data privacy in 2023. They began in earnest in 2022, but the fines are only going to go deeper and steeper. However, there are measures you can put in place to protect your business today.
A Consent Management Platform (CMP) from Adzapier can help you address privacy concerns and avoid scrutiny from the FTC. Simply talk to one of our privacy experts, and they’ll walk you through everything you need to know in just about 30 minutes. Then, sign up for a 14-day free trial and see just how easy it is to be data privacy compliant.