FTC Testifies on Data Security Before Senate Commerce, Science and Transportation Committee

Washington, DC - In testimony before Congress today, the Federal Trade Commission renewed its call for data security legislation and provided an update on its efforts to protect consumers’ privacy in the face of growing reports of data breaches.

Testifying on behalf of the Commission before the Senate Committee on Commerce, Science and Transportation, Chairwoman Edith Ramirez told lawmakers that the Commission believed Congress should act, particularly in light of the significant data breaches reported over the course of recent months.

“The Commission is here today to reiterate its longstanding, bipartisan call for enactment of a strong federal data security and beach notification law,” said Ramirez. “Never has the need for legislation been greater.”

The testimony highlights the Commission’s wide-ranging efforts in the data security arena, including its civil law enforcement authority under specific legislation such as the Fair Credit Reporting Act, Children’s Online Privacy Protection Act, and the Commission’s Safeguards Rule under the Gramm-Leach-Bliley Act. The testimony also notes the 50 data security cases the Commission has settled as a result of companies’ unfair or deceptive practices under the FTC Act.

In addition, the testimony outlines the Commission’s policy initiatives related to data security issues, including workshops, seminars and reports on a wide variety of topics that affect the security of consumers’ personal information. The testimony also notes the Commission’s ongoing efforts to educate consumers and provide guidance to businesses about issues related to data security.

In calling for legislation, the Commission’s testimony recommends that Congress strengthen its existing authority governing data security standards, and that it require companies in appropriate circumstances to provide notification to consumers affected by a data breach. Specifically, the testimony calls for the legislation to give the Commission the authority to seek civil penalties to help deter unlawful conduct, rulemaking authority under the Administrative Procedures Act, and jurisdiction over non-profit entities, which are not currently subject to FTC oversight.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.

Additional information