FTC Testifies on Data Security Before Senate Homeland Security and Governmental Affairs Committee

Washington, DC - In testimony before Congress today, the Federal Trade Commission provided an update on its efforts to protect consumers’ privacy in the face of growing data breaches and renewed its call for data security legislation.

Testifying on behalf of the Commission before the Senate Committee on Homeland Security and Governmental Affairs, Chairwoman Edith Ramirez told lawmakers that the Commission believed that as more data breaches are revealed, the risk to consumers and businesses becomes clear.

“Consumers’ data is at risk,” the testimony states. “Recent publicly announced data breaches remind us that hackers and others seek to exploit vulnerabilities, obtain unauthorized access to consumers’ sensitive information, and potentially misuse it in ways that can cause serious harm to consumers as well as businesses.”

The testimony highlights the Commission’s wide-ranging efforts in the data security arena, including its enforcement of the FTC Act as well as specific statutes such as the Fair Credit Reporting Act, Children’s Online Privacy Protection Act, and the Gramm-Leach-Bliley Act to encourage companies to make data security a priority. The Commission has settled more than 50 such cases alleging that companies took inadequate measures to protect consumer data.  The testimony calls attention to recent settlements with Fandango and Credit Karma as part of the Commission’s effort to encourage companies to adopt security in the design of their products.

In addition, the testimony outlines the Commission’s policy initiatives related to data security issues, including workshops, seminars and reports on a wide variety of topics that affect the collection, use and security of consumers’ personal information. The testimony also notes the Commission’s ongoing efforts to educate consumers and provide guidance to businesses about issues related to data security.

In calling for legislation, the Commission’s testimony recommends that Congress strengthen its existing authority governing data security tools, and that it require companies in appropriate circumstances to notify consumers affected by a data breach. Specifically, the testimony calls for authority to seek civil penalties to help deter unlawful conduct, rulemaking authority under the Administrative Procedures Act, and jurisdiction over non-profit entities, which are not currently subject to FTC oversight.

Additional information