Another way to get the FTC's attention is to share data in ways that would surprise people. Google found this out after the 2010 launch of its now-defunct Buzz social-media platform. The FTC found that Gmail users were not made sufficiently aware of how to avoid joining the platform and sharing their personal information with other Buzz users. The case was the first time the FTC enforced the U.S.-EU Safe Harbor agreement against an existing member, and the settlement became the first time the FTC required the implementation of a comprehensive privacy program.

The FTC has dinged other companies, including Action Research Group ($606,000 fine) and AccuSearch ($200,000 fine), for selling personal data to third parties. Most recently, the FTC settled with popular data aggregator Spokeo for $800,000 for selling consumer data in violation of the Fair Credit Reporting Act (FCRA).

I caught up this week with Angela Saverice-Rohan, Spokeo's new general counsel. She explained how her company inadvertently appeared on the FTC's radar.

"Spokeo, like other people-search companies, does not purport to be a consumer reporting agency, and we expressly instruct our users on the appropriate uses of our data," she said.