Serving on the IAPP's Research Advisory Board has given me the opportunity to test drive a new, powerful tool the IAPP has just released that will be of immense value to practitioners, privacy professionals, regulators and scholars—indeed, anyone interested in the Federal Trade Commission's (FTC's) ongoing work on privacy. As far as I know, no other compendium of its kind exists, and certainly there is no other searchable, comprehensive database that contains complete details of all of the FTC's privacy enforcement cases as well as expert analysis of the key cases.

[caption id="attachment_151301" align="alignleft" width="318"]Click the image to give the Casebook a try. Click the image to give the Casebook a try.[/caption]

As everyone reading this knows, the FTC began its privacy work in earnest in the late 1990s, and since then, it has brought enforcement actions under both its deception and unfairness authority. The volume of these actions has accelerated over the years, and during my nearly four-year tenure at the agency, the FTC brought more than 50 privacy cases. When privacy scholars Dan Solove and Woody Hartzog published their analysis of the FTC's privacy enforcement history in the Columbia Law Review in April 2014, they calculated that the FTC had brought more than 150 privacy cases. My sense is that the pace of enforcement in the privacy realm has increased with Chairwoman Edith Ramirez and Bureau Director Jessica Rich setting the agency's priorities. And I expect that this trend will continue.

The volume and complexity of these cases is daunting enough for practitioners. But what has made privacy work especially challenging is the absence of any rigorously compiled and carefully annotated compendium that privacy practitioners, lawyers, privacy professionals, regulators, policy-makers and advocates could turn to.

The IAPP's new FTC Casebook is a game-changer. It contains detailed information about each case the FTC has brought, and it will be updated quickly to reflect all of the FTC's actions. Of equal importance, the casebook contains a detailed analysis of all of the FTC's key privacy and data security cases prepared by lawyers steeped in FTC law. Each case summary provides a synopsis of the relevant facts as well as a detailed and rigorous analysis of the agency's allegations, the order entered in the case and how the case fits into the FTC's growing common law, with a special emphasis on untangling the strands of the agency's deceptive and unfairness jurisprudence.

As Solove and Hartzog point out, it is this accumulated weight of consent decrees and litigated orders that form the "common law" of privacy that sets out boundaries that privacy practitioners must understand. The IAPP's casebook will be the go-to guide for privacy professionals to help them do exactly that.