Text of speech at FTC March 16, 2009 – Part 2(Don Whiteside and Scott Uthe contributed substantially to these remarks) Triangle of Trust No single entity can achieve the goal of building trust; it is clearly a Shared Responsibility. We recognize the role of governments, industry, and Non-Governmental Organizations working together in a “Triangle of Trust”. Government establishes the base of the Triangle by creating high level compliance principles and rules, and by conducting robust, predictable and harmonized enforcement. Industry should work with government to propose best practices which can allow companies to comply with laws and regulations. NGOs should work with both government and industry to codify industry best practices, handle dispute resolution to free up scarce government enforcement resources for the most important issues, and to educate individuals and privacy practitioners. Privacy, the Industry Role The Information Technology industry isn’t monolithic. Hardware platforms are loaded with Operating Systems, Applications, and users engage in services over the internet, whether it’s email, social networking, e-commerce, e-banking, e-education. In such a complex ecosystem, there’s no “silver bullet” solution to privacy; either in policy or in technology. This complexity places a priority on NGOs helping to bring industry together to develop industry best practices on both privacy and security. Government agencies can help these NGOs, by supporting them publicly and creating value in their services. This value can be created by working with the NGOs to create predictability that companies which are investing resources to comply with these industry best practices are unlikely to face unpredictable enforcement actions. However, regulators should also make certain to create programs of robust, harmonized and predictable enforcement to ensure non-compliant bad-actors do not gain competitive advantages in the marketplace from their lack of compliance.