Keynote address delivered at the October 16, 2020 conference of New York University School of Law’s Program on Corporate Compliance and Enforcement, titled, Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change.
Over the past year, our entire world has shifted. How we work, how we connect, how we learn, and how we shop have all changed. These changes were abrupt, unwelcome, and in many instances devastating. I am by nature an optimistic person, but it is hard to use the term “silver lining” in connection with events that have threatened or stolen the health and livelihoods of so many. Instead, I think often of Mary Oliver’s famous words: “Someone I loved once gave me a box full of darkness. It took me years to understand that this too, was a gift.”[2] When I think of the darkness that this year has given us, I draw the most hope from the awakening across so many spheres of life that things must change. My mother used to joke that my motto should be “change is bad,” because I am personally so resistant to change; to be clear, this was not a compliment. But my personal and our collective resistance to trying new approaches is, thankfully, waning. In the years to come, I hope that this collective opening up to change is the gift we bear forward out of today’s darkness.
As a Commissioner at the FTC, I want to embrace this openness to change and commit to exploring new approaches across our mission areas. And I want to focus my remarks today on opportunities for change in how we approach data privacy enforcement. To maximize the FTC’s enforcement effectiveness in data privacy, there are three areas in which I believe we need to shift our approach: (1) remedies, (2) case prioritization, and (3) more comprehensive use of our existing authority.