The Federal Trade Commission has filed comments with the Federal Communications Commission in response to the FCC’s proposal to establish a voluntary program under which communications service providers would be certified if they adhere to a set of cyber security objectives or practices. The comments are based on the FTC’s policy activities relating to data security, law enforcement actions for failure to protect consumers’ data, and consumer and business education.
The FTC uses a flexible approach to data security to analyze whether companies’ practices are reasonable and appropriate in light of the risks and vulnerabilities they face. The comment recommends that the FCC use a similar flexible approach if it decides to move forward with a certification program, because communications service providers hold and handle similar sensitive consumer information and face similar security risks as those entities the FTC has investigated for their data security practices. “Such an approach would allow a program’s objectives and practices to address a broad range of security threats that might arise in a variety of different contexts.”
In addition, a program should be able to adjust to evolving security threats. “Technologies and business realities change over time,” the FTC comment states. “New technologies likely will have new vulnerabilities waiting to be discovered. . . . Therefore, a certification program should not allow itself to become outdated. Rather, a program should regularly assess its effectiveness and make necessary adjustments in response to evolving security threats.”
Finally, a certification program requires a strong enforcement mechanism. “A program must have the resources necessary to conduct regular reviews of participating companies, evaluate complaints of non-compliance, and take remedial action where necessary,” the comment states.
The Commission vote to authorize the filing of the comments was 5-0.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics.