CHIEF PRIVACY OFFICER and Federal Trade Commission


The privacy policy statement posted on a company’s website binds the company and should be taken very seriously. Accordingly, to protect privacy rights and to notify customers of their obligations and choices, the Office of the Chief Privacy Officer [1] is founded on the following six fundamental principles:

  1. Notice:
    Customers should receive full disclosure of who is collecting information about them, what is being collected, and for what purpose. The company should notify individuals about the purposes for which the information is collected and used, and provide information about how individuals can contact the responsible authority with any inquiries or complaints, the types of third parties to which it discloses the information, and the choices and means the organization offers for limiting its use and disclosure.
  2. Choice:
    Individuals should be allowed to choose how information about them will be used, how long that information will be retained, under what circumstances that information would be transferred to other parties, and so on. Companies should give individuals the opportunity to opt out of having their personal information disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual.
  3. Access:
    We have to establish transparency by enabling customers to view, and even edit, the information we have so they can make sure it is accurate and relevant. Companies should provide individuals with access to the information held about them, and correct or delete it if it is inaccurate.
  4. Security:
    We must ensure that a customer’s data are protected from unauthorized access, distribution, loss, or corruption. Companies should take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction; and take reasonable steps to ensure that data is accurate, complete, current, and reliable for its intended use.
  5. Self-regulation:
    We prefer robust self-regulation as we police ourselves as responsible citizens of a democracy. Self-regulation allows us to keep up with changing technological, social and legal norms in a global economy [2].  However, we should also recognize that self-regulation should be backed up by a robust enforcement mechanism to build consumer confidence and to hold us accountable for complying with the stated policies.
  6. Enforcement:
    Therefore, companies should provide effective means of enforcing these rules. In order to ensure compliance with the US-EU Privacy Shield (US-EU-PS) and the US-Swiss Safe Harbor (US-S-SH) principles, companies should commit: (a) to make readily available and affordable independent recourse mechanisms, such as the Federal Trade Commission (FTC) or other US courts that may have jurisdiction, so that each individual’s complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide; (b) to implement procedures for verifying the commitment to adhere to the privacy policy; and (c) to fulfill obligations to remedy problems arising out of a failure to comply with the principles through the FTC or other US courts and the company’s privacy office. When the company receives a formal written complaint, the responsible office should contact the person who made the complaint to follow up and resolve the issue.

The Federal Trade Commission (FTC) has released a video, a business blog, and Data Breach Response: A Guide for Business to assist organizations on what to do following a data breach [3]. The guide details the steps companies can take to safeguard their systems during a security incident, including securing physical areas related to the breach, stopping any further loss of data, removing information illicitly placed on the web, and identifying whom to contact, such as law enforcement, affected businesses, and individuals. The FTC also wrote a sample data breach notification letter [4].


As an Intellectual Property service provider, Cardinal Intellectual Property considers your privacy very important. The privacy policy statement posted on our company’s website binds us and we take this very seriously. Accordingly, to protect your privacy rights and notify you of your obligations and choices, the Chief Privacy Officer is available to assist you in resolving privacy issues related to the personal data you submit in order to procure intellectual property services. For further details please visit:

Cardinal Intellectual Property Privacy Policy (CPP)
[3] Responding to a data breach? Check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.
[4] FTC Suggested Model Letter
The following letter is a model for notifying people whose names and Social Security numbers have been stolen. When Social Security numbers have been stolen, it’s important to advise people to place a free fraud alert on their credit reports. A fraud alert may hinder identity thieves from getting credit with stolen information because it’s a signal to creditors to contact the consumer before opening new accounts or changing existing accounts. Also, advise consumers to consider placing a credit freeze on their file. The cost to place and lift a freeze depends on state law.

      [Name of Institution/Logo]  ____ ____ Date: [insert date]


Dear [Insert Name]:

We are contacting you about a data breach that has occurred at [insert Company Name].
What Happened?

[Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know)].
What Information Was Involved?

This incident involved your [describe the type of personal information that may have been exposed due to the breach].
What We Are Doing

[Describe how you are responding to the data breach, including: what actions you’ve taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering (like credit monitoring or identity theft restoration services).]
What You Can Do

We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days.  You can renew it after 90 days.
Equifax: or 1-800-525-6285
Experian: or 1-888-397-3742
TransUnion: or 1-800-680-7289
Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Checking your credit reports periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being  misused, file a police report and call [insert contact information for law enforcement if authorized to do so]. Get a copy of the police report; you may need it to clear up the fraudulent debts.
If your personal information has been misused, visit the FTC’s site at to get recovery steps and to file an identity theft complaint. Your complaint will be added to the FTC’s Consumer Sentinel Network, where it will be accessible to law enforcers for their investigations.
You also may want to consider contacting the major credit bureaus at the telephone numbers above to place a credit freeze on your credit file. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identity thief can open new accounts in your name. The cost to place and lift a freeze depends on state law. Find your state Attorney General’s office at to learn more.
We have enclosed a copy of Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft.  We’ve also attached information from about steps you can take to help protect yourself from identity theft, depending on the type of information exposed.]
Other Important Information

      [Insert other important information here.]

For More Information
Call [telephone number] or go to [Internet website]. [State how additional information or updates will be shared/or where they will be posted.]
[Insert closing]
Your Name
