Privacy & Information Security Law Blog

The Federal Trade Commission will host a workshop on informational injury on December 12, 2017.  The FTC’s three main goals for hosting the workshop are to:

1. “Better identify the qualitatively different types of injury to consumers and businesses from privacy and data security incidents;”
2. “Explore frameworks for how the FTC might approach quantitatively measuring such injuries and estimate the risk of their occurrence;” and
3. “Better understand how consumers and businesses weigh these injuries and risks when evaluating the tradeoffs to sharing, collecting, storing and using information.”

FTC Acting Chairman Maureen Ohlhausen announced the workshop during her speech to the Federal Communications Bar Association, titled “Painting the Privacy Landscape: Informational Injury in FTC Privacy and Data Security Cases.”  The speech focused on the five different types of consumer informational injury alleged in the FTC’s body of privacy and data security case law: (1) deception injury or subverting consumer choice; (2) financial injury; (3) health or safety injury; (4) unwarranted intrusion injury and (5) reputational injury.

Acting Chairman Ohlhausen noted that the FTC initiates many of its cases under the agency’s deception authority, stating that “from an injury standpoint, a company’s false promise to provide certain privacy or data security protections harms consumers like any false material promise about a product.”  The Acting Chairman further highlighted that the most commonly alleged injuries in the FTC’s body of privacy and data security case law are financial injury and health and safety injury.  She also emphasized that the type of injury is not dispositive in the FTC’s decision of whether to bring a privacy or data security case.  The FTC also evaluates the strength of the evidence linked to the consumer injury, the magnitude of the injury (both to individuals and groups of consumers), and the likelihood of future consumer injury.  In closing her speech, Acting Chairman Ohlhausen rhetorically raised three questions: (1) whether the list of consumer informational injuries is representative, (2) whether these or other informational injuries require government intervention, and (3) how the list maps to the FTC’s statutory deception and unfairness standards.  Acting Chairman Ohlhausen plans to address these issues in depth at the December 12 workshop.