Testifying before a Senate Homeland Security and Government Affairs Subcommittee, the Federal Trade Commission described its work to promote reasonable data security and reiterated its longstanding bipartisan call for enactment of a comprehensive federal data security law.
In testimony before the Permanent Subcommittee on Investigations, the FTC described its efforts over nearly two decades to address data security through law enforcement, policy initiatives, and consumer and business education.
The testimony, delivered by Bureau of Consumer Protection Director Andrew Smith, noted that the Commission has settled or litigated more than 60 law enforcement actions against businesses that allegedly failed to take reasonable precautions to protect consumers’ data. Among those have been cases against manufacturers of consumer products like smartphones, computers, routers, and connected toys, as well as against companies that collect consumers’ sensitive personal information.
Although it does not enforce a comprehensive data security law, the Commission brings cases under provisions of the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Children’s Online Privacy Protection Act. The agency also has used its authority under Section 5 of the FTC Act to stop companies who allegedly engage in unreasonable data security practices, or made misleading statements or omissions about data security.
With regard to proposed data security legislation, the testimony states, the FTC supports provisions that would give the agency the ability to seek civil penalties to effectively deter unlawful conduct; jurisdiction over non-profits and common carriers; and the authority to issue implementing rules under the Administrative Procedure Act, as appropriate.
“Each of these additional authorities is important to the Commission’s efforts to combat unreasonable security,” the testimony states.
The testimony also described policy initiatives that the FTC undertakes to promote data security, as well as the Commission’s extensive business and consumer education on the issue.
For example, in December 2018, the FTC held a hearing on data security as part of its series of Hearings on Competition and Consumer Protection in the 21st Century, which yielded important information about business and technological changes that affect pressing consumer protection issues. The FTC also undertook an initiative to provide guidance to small businesses on cybersecurity, including fact sheets, videos, and other materials on dozens of cybersecurity topics.
The Commission vote approving the testimony and its inclusion in the formal record was 5-0.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.