The FTC (Federal Trade Commission) has proposed a framework for Businesses and Policymakers that would protect consumer privacy while encouraging the development of innovative new products and services. The draft focuses on three main elements which are the adherence to better privacy mechanisms by businesses throughout the whole process, provide simpler and meaningful privacy options to consumers and transparency of all data practices. These are categorized as Privacy by Design, Simplified Choice and Greater transparency. I will be providing you with some of the drafted best practices in future posts but let's start by explaining further the three main elements that make up the framework.
Privacy by Design: 'Companies should promote consumer privacy throughout their organization and at every stage of the development of their products and services.'
The framework suggests that companies should deal with data security from the beginning and not as an afterthought! Security best practices should lead the development of services and products which would include data accuracy, reliability, retention and other protective features. The draft insists of proper data management procedures that must be maintained throughout the whole life cycle of a product or service.
Simplified Choice: 'Companies should simplify consumer choice.'
The draft suggests that private data collected by businesses during rational operations, such as product fulfillment can do without the privacy options and the additional related steps presented to the consumers. The draft refers to these as common accepted practices where the business is not bound to provide privacy choices that hinder the process. Conversely, for practices that require a choice, businesses should make sure that choices are appropriate and in time.
Greater Transparency: 'Companies should increase the transparency of their data practices.'
A new approach to formulate and present Privacy Notices! These should be easy to comprehend and to compare with other notices and best practices. Businesses should provide customers more accessibility to their private data which may vary depending on the sensitivity of the data and nature of its use.