Compliance with the European Union’s General Data Protection Regulation (GDPR), scheduled to take effect in May 2018, has taken center stage for companies. But it is important to remember that regulators in the U.S. continue their own work to protect the privacy interests of consumers. The Federal Trade Commission (FTC) took the spotlight on December 12, 2017, when it hosted a one-day workshop titled “Informational Injury” in Washington DC. The event brought together a variety of stakeholders – including industry representatives, consumer advocates, academics and government researchers – to discuss issues related to the injuries consumers suffer when information about them is misused.

In opening remarks, Acting FTC Chairwoman Maureen Ohlhausen cited the key goals of the meeting: (1) to better identify different types of privacy injury, (2) to explore frameworks to quantitatively measure and estimate the risk of harm, and (3) to understand how consumers and businesses evaluate the risks of increased exposure to privacy injury in light of the benefits of personal information use. Another stated goal was to determine in what cases FTC action may be appropriate.

At the workshop, industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and harms to consumers when information about them is misused or inappropriately protected. They discussed the prevalence of these injuries, and what factors businesses and consumers consider when evaluating the tradeoffs between providing information and potentially increasing their exposure to injuries.

This event highlights that while attention is focused on regulation in Europe, it is important not to lose sight of the activities of U.S. regulators, who continue to monitor issues of privacy and are empowered to bring enforcement actions when deemed appropriate. The steps required for compliance with EU law – particularly with respect to governance and accountability – are also key to meeting regulators’ expectations in the U.S. The measures companies take to ensure the responsible processing and protection of data will serve them well with regulators on both sides of the Atlantic.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact