The FTC has brought enforcement actions addressing a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile. These matters include over 130 spam and spyware cases and 75 general privacy lawsuits.
Since 2002, the FTC has brought 65 cases against companies that have engaged in unfair or deceptive practices involving inadequate protection of consumers’ personal data.
The Fair Credit Reporting Act (FCRA) sets out requirements for companies that use data to determine creditworthiness, insurance eligibility, suitability for employment, and to screen tenants. The FTC has brought over 100 cases against companies for violating the FCRA and has collected over $30 million in civil penalties. The Gramm-Leach-Bliley (GLB) Act requires financial institutions to send consumers initial and annual privacy notices and allow them to opt out of sharing their information with unaffiliated third parties. It also requiresfinancial institutions to implement reasonable security policies and procedures. Since 2005, the FTC has brought almost 30 cases for violations of the GLB Act
Carrying out its enforcement role under these international privacy frameworks, the FTC has brought 51 actions – 39 under an older “U.S.-EU Safe Harbor” program, 4 under APEC CBPR, and 8 under Privacy Shield.
Since 2003, the FTC has brought 140 cases enforcing Do Not Call Provisions against telemarketers. Through these enforcement actions, the Commission has sought civil penalties, monetary restitution for victims of telemarketing scams, and disgorgement of ill-gotten gains from the 465 companies and 374 individuals involved. The 126 cases that have concluded thus far have resulted in orders totaling over $1.5 billion in civil penalties, redress, or disgorgement, and actual collections exceeding $121 million