The Federal Trade Commission (FTC) is an independent agency of the United States government to promote consumer protection and the elimination and prevention of anticompetitive business practices.
The FTC has jurisdiction in broad sectors of the U.S. economy and is the primary federal authority with respect to laws and regulations related to privacy and data protection in the U.S.
The FTC Act empowers the FTC “…to
(a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce;
(b) seek monetary redress and other relief for conduct injurious to consumers;
(c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices;
(d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and
(e) make reports and legislative recommendations to Congress and the public.”
Companies under the jurisdiction of either the FTC or the U.S. Department of Transportation are eligible to join the EU-U.S. Privacy Shield framework.
Partial list of laws and regulations that can be enforced by the FTC:
- FTC Act 1914
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Children’s Online Privacy Protection Act (COPPA)
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)
- Fair Credit Reporting Act (FCRA)
- Fair and Accurate Credit Transactions Act (FACTA)
- Gramm-Leach-Bliley Act (GLBA)
- Telephone Consumer Protection Act (Telemarketing and marketing privacy)
- Telemarketing Sales Rule (TSR) of 1995, US National Do Not Call (DNC) Registry
- Telemarketing and Consumer Fraud and Abuse Prevention Act
FTC Privacy Impact Assessments:
The FTC conducts privacy impact assessments (PIA) on electronic government services and processes, and publishes them on the FTC web site. They are an excellent source of sample privacy impact assessments. FTC Privacy Impact Assessments: https://www.ftc.gov/site-information/privacy-policy/privacy-impact-assessments
The IAPP publishes a collection of privacy and data security enforcement actions called the “FTC Casebook”: https://iapp.org/resources/ftc-casebook/