FTC chairman backs national data security standard

Federal Trade Commission Chairman Jon Leibowitz said there should be a national data breach notification standard Thursday but declined to take a position on the SAFE Data Act that passed a House subcommittee Wednesday.

Currently, 47 states have laws that require companies to notify consumers if their private data is breached, but there is no national standard.

“You don’t want a crazy quilt patchwork of statutes even if most of them, or the vast majority of them, are reasonable,” Leibowitz said at a forum on privacy at the Brookings Institution on Thursday.  

He said, “If you get the right standards in a federal law, the ones that protect privacy and ensure notification, then that’s generally preferable” to a patchwork of state laws.

Republicans on the House Commerce, Manufacturing and Trade Subcommittee approved the SAFE Data Act to establish a uniform national standard for notifications of data breaches Wednesday. The bill now awaits a vote in the full Energy and Commerce Committee.

Democrats voted against the measure, arguing that it does not do enough to protect consumers’ privacy. Republicans said the bill should focus on protecting financial information that could be used for identity theft, not protecting private information such as pictures or purchasing history.  

When asked directly about the SAFE Data Act, Leibowitz declined to take a position, noting that he had not read the bill yet. But he expressed hope that lawmakers will eventually craft bipartisan legislation.

“The only way you get legislation enacted in Congress is to make it more consensus-driven and bipartisan,” Leibowitz said. “I’m sure there’s certainly an opportunity down the road for resurrecting that bipartisan component.”

---