[September 16, 2011] FTC commissioner says companies need to better protect users' data Tweet Sep 16, 2011 (The Dallas Morning News - McClatchy-Tribune Information Services via COMTEX) -- In the last year or so, a series of hacks and data breaches has taught consumers that their data is almost never completely safe from thieves. But many people aren't aware of how their data can also be mishandled by the very companies that manage those databases, experts said Thursday at a privacy conference in Dallas. Julie Brill, a commissioner at the Federal Trade Commission, said the amount of data now gathered by companies is "unprecedented." "It's also largely unnoticed by the consumer, raising serious privacy concerns," she said, speaking to several hundred people at the event organized by the International Association of Privacy Professionals. She noted a series of recent data breaches that affected consumers. In April, 77 million users of Sony's PlayStation Network had personal information exposed. Around the same time, in a separate attack, hackers stole from Irving-based email marketing firm Epsilon the names and emails addresses of millions of customers of companies including Target Corp., Best Buy Co. and Citigroup Inc. Brill said that while those attacks are a problem, consumers face just as big a privacy threat from companies that track user data to sell to marketers. She noted cases where companies have tracked Alzheimer's sufferers and sold that contact info to unscrupulous outfits that take advantage of those mental problems to peddle everything from financial services to magazine subscriptions. Even much more reputable companies occasionally handle consumer data in ways that consumers don't approve. She cited the recent revelations that Apple Inc.'s iPhone and Google Inc.'s Android phones track their users' locations and, in some cases, leave that data in places where it could be accessed by bad guys. At the same time, giving out your location and other personal data can also be beneficial to consumers. "Companies are willing to pay significantly more for targeted advertising, so it pays for many of the things we enjoy for free online," Brill said. Last December, the FTC issued a report with three main guidelines for how companies should protect their users' privacy. First, companies should have privacy protections built into every product or service. Second, privacy tools should be easy to use, such as providing a standard "do not track" button in apps and websites, so consumers always know at a glance how much protection they'll get from opting out. Third, privacy notices should be easier to read, rather than the dozens of pages of boilerplate legalese that most people scroll through as fast as possible. Getting companies to change how they manage consumer privacy and data security will not be easy, however, attorney Scott Kamber said in a speech following Brill's. Kamber is a plaintiff attorney who has represented consumers in several lawsuits against companies such as Apple and Facebook over privacy issues. He noted that there are volumes of government regulations when it comes to describing, for example, how to buckle your seat belt on an airplane, disclosures that range from "redundant to infantile." But online privacy and data retention policies are murky, he said. "Privacy policies remain indecipherable, inaccurate and deliberately difficult to get to," Kamber said. He said much of that complexity could be resolved by requiring companies to ask their customers for their permission to be tracked, rather than forcing them to ask not to be tracked. "If we lived in an opt-in world rather than an opt-out world, privacy policies would look very different even without government intervention," Kamber said. But that only works if the people who write the policies have accurate information. "Many times, people who write privacy policies aren't even fully aware of how engineers and analytics experts are actually tracking data," Kamber said. Kamber said companies should be required to have the chief executive officer or another senior executive sign off on their privacy policies, and those policies should be filed with the FTC for periodic audits. Otherwise, he said, "the fox ends up guarding the henhouse, and privacy policies are not going to protect the poultry." ___ (c)2011 The Dallas Morning News Visit The Dallas Morning News at www.dallasnews.com Distributed by MCT Information Services [ Back To TMCnet.com's Homepage ]