Skip to main content

The Federal Trade Commission today told the House Committee on Small Business, Subcommittee on Regulatory Reform and Oversight that protecting consumers’ privacy rights is a top priority for the agency. Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection, told the Committee, “The Commission is committed to aggressive law enforcement, vigorous consumer and business education efforts, and global cooperation to safeguard the security of consumers’ personal information.” To date, the agency has brought 12 data security cases, six spyware and adware cases, more than a dozen financial pretexting cases, and more than 80 spam cases.

The testimony notes that securing information systems against an ever-changing array of threats is challenging, particularly for small businesses. Through recent cases charging companies with failure to take reasonable security measures to protect sensitive customer data, the agency has concluded that several principles should govern any information security program.

  • First, companies’ security procedures should reflect the sensitivity of the data they collect and maintain. “Different levels of sensitivity may dictate different types of security measures,” the testimony states.
  • Not all security breaches are violations of federal law. “Although a breach may indicate a problem with a company’s security, breaches can happen even when a company has taken every reasonable precaution.”
  • There can be law violations without a security breach. “Because appropriate information security practices are necessary to protect consumers’ privacy, companies cannot simply wait for a breach to occur before they take action. Companies have a legal obligation to take reasonable steps to guard against threats before a compromise occurs.”
  • As technology evolves and hackers and thieves adapt, risks will change over time. “As a result, companies need to assess the risks they face on an ongoing basis and make adjustments to reduce these risks,” the testimony states.

“Safeguarding customer information makes good business sense,” the testimony states. “When a small business shows that it cares about the security of customers’ personal information, they increase customers’ confidence in the company.”

In November 2006 the FTC will bring together experts from the business, government, and technology sectors, as well as consumer advocates, to explore the ways in which technological convergence and the globalization of commerce impact consumer protection. “The hearings will examine changes that have occurred in marketing and technology over the past decade, and garner experts’ views on coming challenges and opportunities for consumers, business, and government.”

For several years, the FTC has engaged in a broad outreach campaign to educate businesses and consumers about information security and the precautions they can take to protect or minimize risks to personal information. Last September, the FTC unveiled a cybersecurity campaign called OnGuard Online to educate computer users about basic computer security practices. OnGuardOnline.gov has attracted more than 750,000 unique users in less than six months, and the FTC has distributed more than 800,000 brochures and bookmarks.

“Consumers and businesses must be vigilant about data security in the global information-based economy. The Commission is committed to continuing its work promoting security awareness and sound information practices through education, enforcement, and international cooperation,” the testimony concludes.

The Commission vote to approve the testimony was 5-0.

Copies of the testimony are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to thousands of civil and criminal law enforcement agencies in the U.S. and abroad.

Contact Information

Media Contact:

Claudia Bourne Farrell
Office of Public Affairs
202-326-2181