The Federal Trade Commission testified before Congress today on the agency’s ongoing efforts to promote data security, and reiterated its support for enactment of a strong federal data security and breach notification law.
Testifying on behalf of the Commission before the Senate Judiciary Committee, FTC Chairwoman Edith Ramirez outlined the agency’s efforts to promote data security through civil law enforcement, education, and policy initiatives. The testimony notes that businesses are collecting more personal information about consumers than ever before, and that rising reports of data breaches show that these systems are susceptible to being compromised.
“Never has the need for legislation been greater. With reports of data breaches on the rise, and with a significant number of Americans suffering from identity theft, Congress needs to act,” the testimony states.
The testimony points out that, according to estimates by the Bureau of Justice Statistics, 16.6 million persons – or 7 percent of all U.S. residents ages 16 and older – were victims of identity theft in 2012.
The testimony explains that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data. These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.
The testimony stresses the Commission’s bipartisan support for data security legislation that would enhance existing laws and strengthen the agency’s existing authority. The Commission supports legislation, for example, that would give the FTC the ability to seek civil penalties to help ensure FTC enforcement actions have an appropriate deterrent effect. Under current laws, the FTC only has the authority to seek civil penalties for data security violations involving companies that fail to protect children’s information provided online in violation of the COPPA Rule or credit report information in violation of the FCRA. The Commission also recommends data security legislation that would provide the agency with jurisdiction over non-profits, which have been the source of a substantial number of breaches
The Commission also recommends that Congress enact a federal law that would require companies, in appropriate circumstances, to notify consumers when there is a security breach, the testimony states. This would help consumers mitigate likely harm from the misuse of their data. Although most states have breach notification laws, a strong and consistent, national requirement would ensure that all consumers are protected.
In addition, the Commission promotes better data security practices through consumer education and business guidance, the testimony notes. On the consumer education front, the Commission recently posted information for consumers who may have been affected by the recent Target and other breaches, providing steps they should take to protect themselves. It also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses – and especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies.
The Commission vote approving the testimony and its inclusion in the formal record was 4-0.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad.