
Wednesday, April 2, 2014

FTC TESTIFIES TO SENATE COMMITTEE REGARDING DATA SECURITY

FROM:  FEDERAL TRADE COMMISSION 
FTC Testifies on Data Security Before Senate Homeland Security and Governmental Affairs Committee
Commission Renews Call for Data Security Legislation

In testimony before Congress today, the Federal Trade Commission provided an update on its efforts to protect consumers’ privacy in the face of growing data breaches and renewed its call for data security legislation.

Testifying on behalf of the Commission before the Senate Committee on Homeland Security and Governmental Affairs, Chairwoman Edith Ramirez told lawmakers that the Commission believed that as more data breaches are revealed, the risk to consumers and businesses becomes clear.

“Consumers’ data is at risk,” the testimony states. “Recent publicly announced data breaches remind us that hackers and others seek to exploit vulnerabilities, obtain unauthorized access to consumers’ sensitive information, and potentially misuse it in ways that can cause serious harm to consumers as well as businesses.”

The testimony highlights the Commission’s wide-ranging efforts in the data security arena, including its enforcement of the FTC Act as well as specific statutes such as the Fair Credit Reporting Act, Children’s Online Privacy Protection Act, and the Gramm-Leach-Bliley Act to encourage companies to make data security a priority. The Commission has settled more than 50 such cases alleging that companies took inadequate measures to protect consumer data.  The testimony calls attention to recent settlements with Fandango and Credit Karma as part of the Commission’s effort to encourage companies to adopt security in the design of their products.

In addition, the testimony outlines the Commission’s policy initiatives related to data security issues, including workshops, seminars and reports on a wide variety of topics that affect the collection, use and security of consumers’ personal information. The testimony also notes the Commission’s ongoing efforts to educate consumers and provide guidance to businesses about issues related to data security.

In calling for legislation, the Commission’s testimony recommends that Congress strengthen its existing authority governing data security tools, and that it require companies in appropriate circumstances to notify consumers affected by a data breach. Specifically, the testimony calls for authority to seek civil penalties to help deter unlawful conduct, rulemaking authority under the Administrative Procedures Act, and jurisdiction over non-profit entities, which are not currently subject to FTC oversight.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.

Tuesday, February 4, 2014

FTC TESTIFIES ON DATA SECURITY

FROM:  FEDERAL TRADE COMMISSION 
FTC Testifies on Data Security before Senate Banking Subcommittee

In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.

Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.

“Data security is of critical importance to consumers.  If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.

The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data.  These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.

Since 2001, the FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states.  Last week, the agency announced it had reached a milestone with its 50th data security settlement.  GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.

“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.

The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles.  These include:  knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.

The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en Línea.  For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.

The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses – especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.

Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security.  The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.

“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.
