Duane Pozza Discusses FTC’s Privacy and Data Security Enforcement Efforts
Duane C. Pozza, partner and co-chair of Wiley’s FTC Regulation Practice, was quoted extensively by Cybersecurity Law Report in a two-part article about the Federal Trade Commission’s (FTC) privacy and cybersecurity enforcement efforts in 2019 and priorities for 2020.
The article, citing the FTC’s annual “Privacy and Data Security Update,” focused on numerous topics including data security enforcement and compliance, and the impact of the coronavirus (COVID-19) pandemic.
Regarding recent revisions to the Commission’s data security orders, Mr. Pozza said the FTC is “putting a lot of importance on having a single individual who is coordinating the company’s privacy and information security program … and then also having a level of accountability that rolls up to leadership in some way.”
Mr. Pozza also discussed the Commission’s stance on compliant information security programs, which he said was in flux.
“The FTC is going to have high expectations for monitoring third-party service providers that have access to data, particularly to any sensitive financial data, to ensure not only that there’s a contract that governs their use so that the information is secure, but that there is auditing or oversight to make sure that there’s no misuse or disclosure of the confidential financial information,” Mr. Pozza said.
Concerning the FTC’s role in the still-developing legal landscape surrounding the COVID-19 pandemic, Mr. Pozza noted that “the agency is clearly very engaged on stopping COVID 19-related scams right now.” Given the current state of the economy, he predicted that the FTC “is likely to focus significantly on protecting financially distressed consumers, and will look even more closely at companies that collect or share consumer financial information.”
Mr. Pozza previously served as Assistant Director of the FTC’s Division of Financial Practices. In addition to co-leading Wiley’s FTC Regulation Practice, he is a key member of the firm’s Privacy, Cyber & Data Governance, Telecom, Media & Technology, Fintech, and Blockchain Technology practices.
To read Part One of the article, click here, and Part Two can be found here (subscription required).
Director of Communications
Senior Communications Manager