Last year the FTC settled with Wyndham Worldwide over charges that alleged its hotel chain failed to protect consumers' data in a series of data breaches -- a case that solidified its cybersecurity oversight. More recently, it settled with the company behind the "brain training" brand Lumosity for misleading advertising for its games.
We caught up with Ramirez ahead of the annual tech show's official Wednesday launch to talk about her priorities headed into CES and her advice on how companies and consumers should think about privacy and security issues when it comes to tech.
This interview has been edited for clarity.
Tsukayama: What are the FTC's top reasons for coming to CES?
Ramirez: I think it's really two-fold. The first is that we're really interested in seeing how technology impacts consumers. Part of our mission is to protect consumers both in the digital world as well as in the brick-and-mortar world, and by coming to CES we ensure that we can see what the next generation of products will be. It's important for us to stay on top of what companies are doing when it comes to technology and also to evaluate what the implications are for consumers. That would be one of the main reasons.
Another reason is that it gives us an opportunity to engage with companies directly and talk about the issues that we see as being important -- to highlight the importance of protecting consumer privacy, protecting information, data security. So it allows us both to stay on top of emerging trends and also to convey our important messages to companies themselves.
Tsukayama: So, keeping the lines of communication open.
Tsukayama: Certainly sometimes innovation and regulation are seen as being at cross-purposes. We hear all the time that "Washington moves too slowly" or "Silicon Valley moves too fast," for example. How do you see that balance playing out?
Ramirez: I don't really see them as being at cross-purposes. The way that we approach things is that, number one, we want companies to bring out new, innovative products. We want consumers to benefit from that.
But at the same time we also want consumers and companies to be aware of the risks to consumer information -- when we look at privacy and data security, for instance.
It's really important for companies to know that, in order to be successful, we think consumers need to have confidence in the products they're purchasing. They're not going to purchase all of these new products if they're concerned about what's happening to their personal information. And certainly -- based on all the information I've seen, including surveys about how much consumers care about privacy -- this is an issue that's important to them. And if companies are going to be successful and they're going to be innovating successfully, I think they need to take these issues into account.
Tsukayama: And earlier in the process?
Ramirez: Without question. We're mainly a law enforcement agency, and, so, in much of our enforcement work, the problem that we often see is that companies don't really think about these issues at the outset of their design process. Instead, they think about them when something goes wrong.
Clearly that's not the way a company should be approaching these things. So, we really do encourage companies to engage in what we call privacy-by-design and security-by-design. And what that means is they should be thinking about incorporating privacy protective measures early on, from the very beginning, when designing a product. Therefore [privacy and security are] embedded in the product and [don't] become something they have to deal with afterwards -- after something has happened, and it's a problem.
Tsukayama: Enforcement is obviously a huge part of what you do, but so is education. What should consumers who may be wary about buying new gadgets know before they buy them?
Ramirez: I think consumers really do care about these issues, but I think it's important for them to understand the implications for them. And I think they need to understand what data practices are. So they need to make sure that they know -- when they're bringing a new [Internet-of-Things] device into their home, putting it on their wrist, etc. -- they need to understand what information is being collected about them, how that information might be used, and what security measures are in place to protect information that's being used. I think that's what's important from a consumer standpoint.
From a company standpoint, I think there are a few key messages that I convey whenever I have the opportunity to talk to companies. They should really think hard about what information they really need in order to provide the service that they're aiming to provide to consumers.
If you don’t need to collect the information, don't collect it. You're better off not having information that you don't really need. You're minimizing your risk. That's number one.
Number two: Be transparent about what you're doing and provide choices for consumers. When you do provide choices, make sure that you respect those choices when consumers do select. Some may opt not to have their information collected.
Finally, I can't emphasize the importance of data security enough. Today, given the volume of information that's being gathered and given the sensitivity of the information being gathered, in my mind, preserving and protecting that information is incredibly and increasingly vital. So I encourage companies to be thinking about all of these issues, and hopefully they won't have any issues to worry about.