FTC chief pushes for federal data breach law

Federal Trade Commission Chairwoman Edith Ramirez on Tuesday pushed Congress to pass legislation governing how companies respond to data breaches.

“With reports of data breaches on the rise, Congress needs to act,” she said during a hearing of the Senate Judiciary Committee.

Senators held a hearing to examine data breaches in response to a rash of high-profile incidents, including the one Target experienced last year that put the financial and personal information of millions of customers at risk.

ADVERTISEMENT

Currently, the FTC brings cases against companies that do not adequately protect consumer data under its authority to protect consumers from unfair and deceptive practices. The FTC is in the middle of two challenges to this authority — one from hotel giant Wyndham Hotels and one from the medical testing company LabMd.

“We think we use that authority effectively, but I think we could be even more effective in this area if there were a federal security law,” Ramirez told senators Tuesday.

Sen. Al FrankenAlan (Al) Stuart FrankenCould Andrew Cuomo — despite scandals — be re-elected because of Trump? Al Franken to launch 15-stop comedy tour Democrats, GOP face crowded primaries as party leaders lose control MORE (D-Minn.) pointed to Ramirez’s testimony as a reason that Congress should pass data security legislation.

In her prepared testimony, Ramirez called for a “strong and consistent national requirement” governing how companies notify users when their data is compromised.

Most states have their own requirements, but a national standard “would simplify compliance by businesses while ensuring that all consumers are protected,” she said.

Ramirez said Congress should pass legislation that would give her agency the ability to seek civil penalties for companies that do not adequately protect their users’ data.

“We urge Congress to allow the FTC to seek civil penalties against other companies to ensure that FTC actions can deter unreasonable data security practices in all appropriate instances,” Ramirez wrote.

Additionally, Congress should give the FTC authority over nonprofits, she said.

“A number of breaches occur at nonprofits, and, currently, we lack authority over nonprofits. That’s a gap we would like to see filled.”