October 10, 2001


Federal Trade Commission Announces Broad Privacy Agenda
 and Promises Strict Enforcement Online and Offline

In a long-awaited address to Privacy 2001, FTC Chairman Timothy Muris has
announced a new, wide ranging privacy agenda and promised to increase
enforcement of privacy standards both online and offline.

It has been unclear for some time just how the Bush Administration would
approach consumer privacy in the US, and there has been speculation in the
wake of the September 11 attacks that this agenda item, once so commonly
discussed, would take a back seat to public security concerns.  In his
speech on October 4, 2001, Chairman Muris announced that as part of getting
back to business, it was time to focus on "individual privacy in the
commercial realm and on what the FTC itself can do."  Assuring consumers
that privacy promises will be taken seriously, Muris promised to "increase
our enforcement of laws protecting consumer privacy."

Importantly, Chairman Muris announced that the FTC would not itself propose
new legislation to accomplish the FTC's privacy goals (though there are
dozens of bills pending in the 107th Congress addressing consumer privacy
which their advocates vowed to continue to push).  Instead, the clear
message of his address was that the FTC would use existing laws, regulations
and standards to achieve the FTC's privacy agenda.  The chairman made a
point of stating that the FTC's role would no longer be limited to online
concerns as has been the case since the FTC began studying online privacy in
1995.  Instead, due to the convergence of online and offline information
systems, the FTC would expand its activities to consumer privacy issues,
wherever they may arise.

FTC Privacy Agenda

The FTC Chairman issued a 12-point "Privacy Agenda."  Key points that likely
are of most interest to the business community include:

	1.	Enforcement of Privacy Promises.  FTC will step up its
enforcement under Section 5 of the FTC Act, which will include inappropriate
information transfers under the guise of bankruptcy or reorganizations; it
will also enforce compliance with the US-EU Safe Harbor Privacy Program.
	2.	Encouragement of Consumer Complaints.  Part and parcel of
its enforcement through the FTC Act, the FTC will make the complaint process
more consumer-friendly.
	3.	Enforcing the Gramm-Leach-Bliley Act.  The FTC will
"undertake enforcement efforts to ensure that financial institutions comply
with the law and will implement an outreach program to increase consumer
awareness of the [privacy] notices."  The FTC also will increase its
enforcement against pretexting, by seeking injunctions against information
brokers.  (Pretexting involves fraudulently obtaining personal financial
information by individuals calling financial institutions under the
"pretext" of being a customer.)
	4.	Enforcing the Fair Credit Reporting Act.  The FTC will "step
up its efforts" to ensure that consumers are advised of reasons for the
denial of credit and that information in their credit files is accurate.
	5.	Amendment of Telemarketing Sales Rule.  The FTC will amend
the Telemarketing Sales Rule to allow consumers to make a single call to
remove their names from telemarketing lists by creating a national
"do-not-call list."  Rule revisions also will include limitations on the
misuse of names and credit card numbers already in possession of
telemarketing companies.
Other items on the FTC's new Privacy Agenda include:
	*	Increased efforts to eliminate fraudulent and deceptive
SPAM.
	*	Stronger enforcement of the Children's Online Privacy
Protection Act (COPPA).
	*	Assistance to victims of identity fraud, and stepped up
prosecution of perpetrators.
	*	Conduct of workshops to evaluate compliance with privacy
laws and self-regulation standards, and evaluation of improved means for
assuring information security.

To achieve the FTC's new agenda, Chairman Muris announced an increase of 50%
in its privacy enforcement staff, from 37 to 52.

No Need for More Legislation - At Least for Now

Despite promises of stepped-up enforcement of privacy standards, Chairman
Muris announced that he thought it was still too early to assess the
effectiveness of existing legislation and industry self-regulation on
privacy concerns.   He rejected, at least for now, new legislation, saying
that "[a]t this time, we need more law enforcement, not more laws."

Nevertheless, Muris clearly has not been impressed with certain industry's
compliance with existing law.  Regarding the Gramm-Leach-Bliley Act, he
said:  "Acres of trees died to produce a blizzard of barely comprehensible
privacy notices. . . We can do better."  To address this and other
compliance issues, the FTC will hold a compliance workshop in Washington,
D.C., in December, where the FTC will review compliance experience before
new legislation is proposed.

Further Developments
We will continue to monitor the privacy agenda announced by the FTC.  Please
let us know if you would like to be advised of further developments in this
area.
* * * * *
McCutchen lawyers represent a wide range of clients in the privacy and
information security  area.  For more information on the important issues in
this McCutchen Alert, please contact Michael Arruda (marruda@mdbe.com;
415-393-2588).
We have taken the liberty of adding you to our privacy mailing list because
we thought you might be interested in receiving our periodic updates in this
area.  If you wish to be removed from our privacy mailing list, please send
an email to privacy@mdbe.com asking us to do so and we will respect your
request immediately.


E-MAIL NOTICE

This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. If you are not the intended recipient, please contact the sender by reply and destroy all copies of the original message. Thank you.

To reply to our E-mail Administrator directly, send an email to Postmaster@mdbe.com or call (415) 393-2000 and delete this email.

McCUTCHEN, DOYLE, BROWN & ENERSEN, LLP

http://www.mccutchen.com



 - C.DTF