Since President Obama’s selection of Jon Leibowitz as Chairman of the Federal Trade Commission (FTC), and Chairman Leibowitz’ selection of David Vladeck as the Director of the FTC’s Bureau of Consumer Protection, the FTC’s consumer protection agenda has been quite active, clearly taking on a pro-consumer slant. The implications of this philosophy have substantially impacted business strategies and executive analysis of risk management, impacting stakeholders that include not just the legal team and senior management, but the marketing and customer service personnel as well.

In 2011, the trends show that privacy concerns, compliance with advertising and marketing regulations, and the impact of social media and emerging technologies will be central compliance and risk management concerns. The key industries impacted by this consumer protection agenda will be the financial services sector as well as health care and pharmaceutical firms.

This article will briefly discuss some of these trends, focusing on privacy, the role of social media policies, and the scrutiny of marketing practices, and address the impact of these trends on compliance and risk management.

1. Privacy: On December 1, the FTC released its long-awaited report on privacy, setting forth a framework for how commercial entities should protect consumer information. The report pointed out that industry efforts in developing meaningful protections for consumer information have fallen short, and the framework suggests that legislation in this area is likely warranted.

The framework set forth in the report underscores the importance of presenting consumers with clear and easily digestible information regarding their privacy choices, as well as ensuring that companies obtain informed consent for certain collection and use of consumer data. The report identifies three substantive elements: (1) privacy by design, which instructs that companies should promote consumer privacy throughout their organizations at every stage of the development of their products and services; (2) simplified choice, which directs that companies should simplify consumer choice for uses and sharing of consumer information that are not reasonably expected; and (3) greater transparency, which notes that companies should increase their transparency of their data practices, including clear and easy-to-understand privacy policies, reasonable access to the data they maintain, and obtaining consumer consent before using data in a materially different way than claimed at the time of collection.

The report presents numerous questions concerning the elements of the proposed framework, and comments are due by January 31, 2011. The Commission intends to issue a final report in 2011.

This report and the privacy discussion overall reflect the concern that consumers bear too much burden for understanding and controlling how their data is collected, used, retained, and disclosed. Companies on the “cutting edge,” therefore, must seek to reverse this paradigm to avoid regulatory and legal scrutiny.

2. Social Media Policies: The FTC, in its release of its Guides on the use of testimonials and endorsements in advertising in the fall of 2009, made clear that companies must adopt policies that appropriately train and monitor their sponsored speakers. As a result of this mandate, businesses uniformly developed formal social media policies internally (for their employees) and externally (for their agencies, bloggers, and other sponsored speakers).

While the content and style of these policies varied from company to company, largely reflecting the culture of the particular business and industry, all compliant policies stressed four fundamental principles:

(1) transparency, or the need to disclose “material connections” in a “clear and conspicuous” manner;
(2) accuracy, or the need to communicate truthful information about the product or service;
(3) honesty, or the need to avoid misleading or deceptive communications; and
(4) respect, or the need to recognize personal or property rights of others.

The importance of the role of social media policies was highlighted by the Commission’s action involving Ann Taylor, where some bloggers failed to disclose that they had received free gifts from LOFT. The issue was whether Ann Taylor engaged in deceptive practices where it provided gifts to bloggers who the company expected would blog about the LOFT Division. The FTC closed its investigation and determined not to recommend an enforcement action, because “LOFT adopted a written policy . . . stating that LOFT will not issue any gift to any blogger without first telling the blogger that the blogger must disclose the gift in his or her blog.”

The lesson is clear for businesses: adopt a meaningful policy, be sure it is implemented appropriately, and constantly evaluate its effectiveness.

3. Advertising and Marketing Practices: It is clear that the FTC’s focus on a company’s advertising claims and marketing practices is a centerpiece of its consumer protection mission. Major brands were subject to FTC enforcement actions during the recent past, including, for example:

Dannon was challenged for the claims concerning health benefits for Activia yogurt and the DanActive dairy drink.

Kellogg’s was challenged on two separate occasions, one for its claims that Frosted Mini-Wheats benefits cognitive health and one for its immunity-related claims involving Rice Krispies.

Walgreen’s, CVS, and Rite Aid each were challenged for their claims involving cold and flu remedies, and each had notable penalties: Walgreen’s was fined $6 million; CVS was fined $2.8 million; and Rite Aid was fined $.5 million.

TicketMaster’s advertising practices were challenged concerning its alleged tactics to sell event tickets to consumers.

K-Mart was charged with deceptive claims that its paper products were biodegradable.

Therefore, businesses are advised to have a rigorous review and compliance procedure to address the nature of the claims being advertised and the integrity of the substantiation provided for those claims.

In conclusion, 2011 promises to be a challenging year for executives analyzing compliance and risk management. Many industry groups and trade associations have put together meaningful “best practices” procedures and templates, but it is clear that efforts at industry self-regulation will not be a shield to governmental or regulatory scrutiny.