Revamp of FTC Data Privacy Enforcement
On October 16, 2020, FTC Commissioner Slaughter delivered the keynote address titled “Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change”. Slaughter proposed important changes to the enforcement regime. Below is a summary. Compliance Officers should track potential developments, including personal liability for those who participated in the illegal practices or “had authority to control them.”
- Utilization of more meaningful deterrent remedies including a combination of injunctive relief and monetary sanction;
- Expand corporate accountability by naming corporate executives as individual defendants;
- Increased relief to consumers including monetary relief and direct notice of violations;
- Expand efforts to curb abusive data practices from AI and machine learning, as well as the use of data to increase levels of child and teen engagement on social media;
- Expand the Commission’s authority by reviving the Magnuson-Moss rulemaking; and
- Pleading not just deception in a complaint but also pleading “unfairness”, i.e., failure to take proper care of consumer data is illegal even if the wrongful actor is not deceptive about it.
New Standards: Anti-Corruption and Ethics are Core to ESG
A recently released report included important clarification about the importance of compliance and compliance officers in ESG efforts. The International Business Council (IBC) of the World Economic Forum (WEF), in collaboration with the Big 4 accounting firms, released a white paper, “Toward Common Metrics and Consistent Reporting of Sustainable Value Creation”, which recommends a set of common ESG metrics and disclosures. It shows the G in ESG should include an analysis of ethics and compliance.
SEC Commissioner Peirce spoke on October 19, 2020, at the NSCP National Conference. Below are some practical take-aways for you to consider as you review your efforts in light of Commissioner Peirce’s comments.
- Manage Personal Liability: Are your policies written so the CCO approves policies without business approval first? This may be a helpful reminder to consider a change to policy approval governance so adequacy of policies and procedures involves a fulsome review, discussion and approval by the business.
- Document Compliance Budget and Requests for Resources: Are you documenting your efforts to align resources and professional development and training? Documentation via issue tracking and/or metrics and budget requests can be useful.
“The Commission has declined to impose personal liability on compliance officers who were ill-equipped for their jobs, who were denied the resources necessary to do their jobs, or who were genuinely over-burdened with other duties.”
- Track Discussions About CCO Liability for Negligence: How are you tracking developing expectations? Be aware of liability for negligence and track potential changes to the CCO framework.
“In contrast, to establish in an administrative cease and desist proceeding that a compliance officer was the cause of a company’s violation, it is only necessary to show that the individual committed “‘an act or omission the person knew or should have known would contribute’” to the violation. The phrase “should have known” is “classic negligence language,” and the Commission and courts both have concluded that it sets a negligence standard for liability. Thus, where a company has committed a violation that does not require scienter—such as failing to have sufficient policies and procedures—a compliance officer can be held to have caused the violation based on her own negligent conduct.”
The Department of Justice published a report titled “The Cryptocurrency Enforcement Framework” on October 9, 2020. It provides an overview of the asset class and complex regulatory regime focused on AML and other anti-fraud risks.
SEC Enforcement Annual Report
On November 2, 2020, the SEC Division of Enforcement published its annual report for fiscal year 2020. The report outlines its 2020 accomplishments, lists noteworthy enforcement actions, and covers areas of strategic change. This is a good time of year to review the report and the SEC examination priorities as you conduct your annual review. Make sure your priorities are aligned with regulatory expectations and that risk assessments, testing and policy reviews address any gaps.
OCIE 2020 National Examination Program Priorities