CID (Civil Investigative Demand), the equivalent of a subpoena, will be drafted from a template (so should look similar to other breach CIDs), but modified to address this particular breach. 2/n
The CID will start its journey “up to the Commission” reviewed by the head of DPIP, Director of the Bureau of Consumer Protection, and then finally by the Commission and signed by a commissioner for final approval. 3/n
The CID will then be sent out (often by FedEx to the CEO). The CID has a “meet and confer” deadline 14 days after the letter arrives. So at some point between the letter’s arrival and the meet and confer deadline, staff gets a call from the company’s outside counsel. 4/n
Outside counsel will explain that they just got the letter and sometimes ask for an extension to prepare for the meet and confer. This is likely granted. A new meet and confer date is set. At this point staff likely only has information that they’ve seen in the news. 5/n
The meet and confer is the first opportunity for a company like @Marriott to show the @FTC that the investigation isn’t necessary or to try to limit the scope. Staff will likely still want the majority of the information requested in the CID. 6/n
So at the meet and confer, likely the FTC staff attorneys and the company’s counsel will agree on a “rolling production schedule.” Meaning the company will need to produce documents over a period of time (usually a few months). 7/n
Giving extensions to productions is actually in the FTC’s favor. Gives company enough time to search for, find, redact (if necessary) the production. Which could be as large (and in some cases larger) as 400K pages of documents. 8/n
As those documents are produced the assigned staff attorney team (2-3) start reviewing the documents and pulling out the “hot documents” to pull together a potential case against the company. This could take 6 months to 2 years depending on the complexity of the case. 9/n
This is the most time consuming part. A small staff team has to learn everything they can about the company’s breach and response. Technical experts (internal and external) are often called in to consult. 10/n
If the staff attorneys feel like something might be missing from the production, they might ask informally for the information or draft up another CID. Multiple CIDs for large cases is not uncommon. 11/n
What happens next is generally very fact specific. The case might close without any public acknowledgement that it was opened, staff might send a public closing letter (I see this as a consolation prize for the staff), pursue the case in federal or admin court, or settle. 12/n
What ever happens, we probably won’t hear from the @FTC for a while about the @Marriot breach, although the FTC has been publicly acknowledging major cases recently. A good investigation takes time and the hard working, under resourced, staff attorneys have a lot to do. fin/
You can follow @wbm312.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.