by Privacy & Data Security Member Karin McGinnis
The Federal Trade Commission’s PrivacyCon event brings together the FTC, researchers and academics to discuss the latest research and trends related to consumer privacy and data security. Much of the discussion today centered on Big Data, coming on the heels of the FTC’s report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, which can be found here. Also prominent were concerns about web transparency and whether consumers in fact understand what data is collected on them and how it will be used. FTC Commissioner Julie Brill gave some specific insight into the FTC’s focus. In her statements, she identified two principles that she believes should guide the development on privacy and data security issues going forward. First, she believes that individuals must be in the loop regarding how their data will be collected and used. Relevant questions include what consumers expect regarding how their data will be collected and used and what they understand about how they can exercise control over that collection and use. Second, she counseled wariness about privacy and data security solutions that depend too heavily on one technology, such as encryption. We anticipate more action by the FTC pushing companies to be more transparent in their notices to consumers about their data collection and use practices. At the same time, we expect the FTC to be less understanding of companies who rely too much on single sources of data protection, especially in the face of changing technology. A webcast of the event will be posted on the FTC website.
With two decades of experience as a practicing attorney, Karin McGinnis, CIPP US, has handled a wide variety of privacy and data security matters for her clients, with a special emphasis on privacy and data security issues in the workplace. Ms. McGinnis’ privacy and data security experience includes counseling and litigation regarding misappropriation of trade secrets, violation of the Computer Fraud and Abuse Act and state computer trespass laws, common law privacy torts, discovery challenges posed by the Stored Communications Act, privacy of consumer financial information under Gramm-Leach-Bliley, and confidentiality rights concerning mental health consumers. Ms. McGinnis also handles a wide variety of data breach matters for her clients, including those involving PCI-DSS compliance, and has worked with the USSS and the FBI in investigating potential cyber-crime. She has assisted clients with drafting and creating data breach procedures, mobile device policies and agreements, FACTA Red Flag policies and procedures, online privacy policies, international ethics hotlines, international data transfer agreements, vendor agreements, and employee data security training. Ms. McGinnis is co-chair of the firm’s Privacy and Data Security Group.