Exaggerated Privacy Statement Gets A Slap From The FTC

If you are going to make claims about your privacy policy, make sure you can back them up or you may have to deal with an FTC citation. Case in point: ReadyTech Corporation, a California company that provides on-line and instructor-led training. It claimed on its website that it was “in the process of certifying that we comply with the U.S. – E.U. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries.” Not true, said the FTC in its complaint. What was true is that ReadyTech initiated an application, in October of 2016, but the FTC found the company “is not actively in the process of certifying,” and therefore its representation was “false or misleading.” The FTC’s decision and order does not include any penalty – unless you consider the requirement to produce a blizzard of paperwork for the next twenty years to be a penalty. That would include accounting records, detailed personnel records, and “all records necessary to demonstrate full compliance with each provision of this Order…”