From the Federal Trade Commission:
Staff of the Federal Trade Commission released a new paper today outlining key takeaways from a December 12, 2017 workshop examining injuries consumers may suffer from privacy and security incidents.
According to the Staff Perspective on the Informational Injury Workshop, participants discussed examples of harm that consumers have suffered as a result of such incidents, including:
- medical identity theft;
- doxing, the deliberate and targeted release of private information about an individual;
- disclosure of private information; and
- erosion of trust.
They noted that the risk of injury must be balanced with the benefits that can come from information collection.
Participants did not agree on when governments should intervene to address potential injuries to consumers. They did coalesce, however, around factors governments should consider when deciding whether action is required, such as the sensitivity of the information at issue, how the information will be used, and whether the information is anonymized or identifiable.
Workshop participants also agreed on the need for more research on a broad range of privacy and data security issues to help guide policymakers and law enforcement.
The FTC has worked to further this type of research with its annual PrivacyCon event, which solicits research on a variety of privacy and data security topics. The next PrivacyCon will take place in 2019.