The Federal Trade Commission renewed its call for data security legislation in testimony before the Senate Committee on Homeland Security and Governmental Affairs.
Chairwoman Edith Ramirez told lawmakers that the FTC believes that as more data breaches are revealed, the risk to consumers and businesses becomes clear. The testimony highlights the FTC's efforts in the data security arena, including its enforcement of the FTC Act and specific statutes such as the Fair Credit Reporting Act, Childrens Online Privacy Protection Act and the Gramm-Leach-Bliley Act.
The FTC has settled more than 50 such cases alleging that companies took inadequate measures to protect consumer data. The testimony calls attention to recent settlements with Credit Karma and Fandango as part of the FTC's effort to encourage companies to adopt security in the design of their products.
Consumers data is at risk, the testimony states. Recent publicly announced data breaches remind us that hackers and others seek to exploit vulnerabilities, obtain unauthorized access to consumers sensitive information, and potentially misuse it in ways that can cause serious harm to consumers as well as businesses.
The testimony outlines the FTC's policy initiatives related to data security issues, including workshops, seminars and reports on a wide variety of topics that affect the collection, use and security of consumers personal information. The testimony also notes the FTC's efforts to educate consumers and provide guidance to businesses about issues related to data security.
In calling for legislation, the FTC's testimony recommends that Congress strengthen its existing authority governing data security tools, and that it require companies in appropriate circumstances to notify consumers affected by a data breach. Specifically, the testimony calls for authority to seek civil penalties to help deter unlawful conduct, rulemaking authority under the Administrative Procedures Act and jurisdiction over non-profit entities, which are not currently subject to FTC oversight.