In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.
Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.
“Data security is of critical importance to consumers. If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.
The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data. These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.
Since 2001, FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states. Last week, the agency announced it had reached a milestone with its 50th data security settlement. GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it that had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.
“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.
The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles. These include: knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.
The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en Línea. For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.
The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses –especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.
Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security. The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.
“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.
The Commission vote approving the testimony and its inclusion in the formal record was 4-0.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Office of Public Affairs