"As a government agency, we aren't the ones who have our fingers on the pulse of technology," Mithal said during an event sponsored by the Congressional Internet Caucus Advisory Committee.
The standard was adopted by the FTC in March but is identical to a staff report that commissioners signed off on in December 2010.
It takes a broader view of what information is deserving of regulatory protection. Previous rules and regulations focused on securing personally identifiable information such as names, Social Security numbers and addresses.
Mithal stressed that the FTC’s new privacy report shouldn’t be seen as an alternative to a proposal from the White House, calling the two papers "complementary and consistent."
The main difference, she said, is the administration's policy plan is more focused on implementation, while the FTC report provides "a little more guidance" to industry.
Mithal caused a stir at the event when she seemed to indicate the FTC would take action against app developers who don't create privacy policies for their products.
Asked whether she thought the FTC had authority to take action in such cases, Mithal said, "stay tuned."
CORRECTION: An earlier version of this story incorrectly suggested the FTC has shifted its position on how to protect privacy online. The FTC has operated under the same policy since December 2010.