On February 25th, the Federal Trade Commission (FTC) released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year.

According to the update, the FTC enforcement actions in the past year involved privacy and data security addressing a range of issues, including identity theft, credit reporting and financial privacy, the EU-U.S. Privacy Shield framework, children’s privacy, and Do Not Call.  Specifically, the FTC entered into consent orders with a wide range of financial institutions, including a major consumer reporting agency (Equifax), debt collectors (Effen Ads, Global Asset Financial Services Group, ACDI Group), a credit repair company (Grand Teton Professionals), a student loan debt relief company (Mission Hills Federal), as well as a service provider to the auto finance industry (DealerBuilt).

The update also summarizes the FTC’s efforts to implement and review certain rules within the FTC’s jurisdiction, such as the Gramm-Leach-Bliley Act (GLBA) and the Children’s Online Privacy Protection Act (COPPA).  In July 2019, the FTC finalized the Military Credit Monitoring Rule, which requires nationwide consumer reporting agencies to provide free electronic credit monitoring services for active duty military consumers; to notify active duty military consumers within 48 hours of any material additions or modifications to their credit files and free access to that file; to restrict secondary uses and disclosures of information collected from an active duty military consumer requesting the credit monitoring service; and to ban marketing during the enrollment process until after an active duty military consumer has been enrolled in the free credit monitoring service.

The update also provided information about the FTC’s recent workshops (focused on consumer privacy, COPPA, and a joint workshop with the Consumer Financial Protection Bureau on accuracy in consumer reporting) and publication of resources for consumer education and guidance for business.