If your company is a credit-reporting agency, you must implement a rigorous screening process for new clients if you want to avoid an FTC investigation.

If your company is engaging in any of the seven practices above, how would the risk of an FTC privacy consent decree become a reality?

You can expect a five-step process:

1. Triggering event. Something has to bring your situation to the FTC's attention. This can be a press report of a data breach or product launch, or a consumer complaint that results in a congressional inquiry or lawsuit by a privacy advocate such as the Electronic Privacy Information Center (EPIC). The FTC staff might also proactively conduct a sweep or other type of cross-cutting analysis of companies on a particular data practice.