October 19, 2021


Born to play

Senators want FTC to enforce a federal data security standard

U.S. Senators want to empower the Federal Trade Fee to develop into a much better...

U.S. Senators want to empower the Federal Trade Fee to develop into a much better protector and enforcer of shopper information privateness and safety.

Throughout the second in a series of hearings concentrated on the value of federal expectations for information privateness and safety, the U.S. Senate Committee on Commerce, Science and Transportation listened to experts who recommended enhancement of a information safety standard for corporations which is enforced by the FTC. The initial listening to explored the creation of a federal information privateness legislation as perfectly as creation of a information privateness bureau in the FTC.

The connect with for federal information privateness and safety expectations follows assaults on essential infrastructure corporations, which includes the 2021 assault on Colonial Pipeline. That assault, which caused gasoline shortages, was cited by committee chair Sen. Maria Cantwell, D-Clean., as a explanation necessitating federal expectations.

Cantwell and Sen. Roger Wicker, R-Pass up., have introduced two different costs that would established U.S. privateness and safety expectations for corporations: the Buyer On line Privateness Rights Act and the Location an American Framework to Guarantee Information Entry, Transparency and Accountability (Harmless Information) Act. The laws would also give the FTC and condition attorneys standard the ability to implement the expectations.

“We believe that these corporations don’t spend more than enough for the point that they have oversight of our treasured information and information,” Cantwell mentioned. “We know that a much better FTC will support, but we need to have to give the FTC the sources they need to have to do their occupation.”

Authorities make information safety standard tips

James Lee, chief functioning officer at San Diego-centered nonprofit Id Theft Source Center, echoed Cantwell’s worry that the U.S. desires a federal information safety standard and to greater outline countrywide cybersecurity finest procedures.

Lee mentioned a federal information safety standard ought to call for corporations to deal with modest but preventable flaws that guide to information breaches, these as unpatched software, as perfectly as reduce shopper information that can be collected and stored by corporations. In addition, Lee mentioned much better enforcement steps would be needed for corporations that fail to satisfy the information safety standard.

“Without having enforceable negligible expectations, there are no broad incentives over and above seeking to stay clear of headlines or post-breach litigation to get people today to basically make broad organizational adjustments,” Lee mentioned.

“We need to have greater enforcement,” he mentioned. The FTC is “finest equipped to be that enforcement company.”

In fact, Jessica Rich, counsel at legislation agency Kelley Drye and Warren LLP and former director of the FTC Bureau of Buyer Protection, mentioned latest legislation fails to established crystal clear expectations for information safety or provide suitable therapies.

“Most of the FTC’s information safety efforts are centered on the FTC Act, a legislation that leaves wide gaps in safety and would not authorize penalties for initial-time violations,” she mentioned. “When there are sector-certain guidelines with a information safety element, and fifty percent the states now have their possess information safety guidelines, it’s a messy and complicated patchwork.”

The successful FTC of the upcoming is 1 that has much better authority, enhanced sources and bigger technological capability.
Edward FeltenProfessor of pc science and public affairs, Princeton University

Rich recommended a standard which is scalable to distinct sorts and sizes of corporations and the volume and sensitivity of the information they obtain. Otherwise the legislation could impose necessities unwell-suited and unattainable for modest business, she mentioned. Rich also supported information minimization incentives or necessities.

Rich mentioned to make sure accountability and deterrence, the information safety standard ought to authorize strong therapies these as civil penalties and redress to corporations that fail to satisfy the information safety standard.

Edward Felten, Robert E. Kahn professor of pc science and public affairs at Princeton University and former chief technologist at the FTC, mentioned the FTC at this time would not have the resources it desires to deal with present day information safety enforcement difficulties.

To additional empower the FTC, Felten voiced assistance for allowing for civil penalties for initial-time violations of certain statutes in the FTC Act, these as Segment five, which states that unfair or deceptive procedures affecting commerce are illegal. The absence of initial-time penalties helps make the FTC Act a “weak deterrent,” he mentioned.

In addition, Felten mentioned Congress could authorize information safety rulemaking so the FTC can clarify what is predicted of corporations, as perfectly as funnel extra sources to the FTC for information safety and know-how initiatives.

“The successful FTC of the upcoming is 1 that has much better authority, enhanced sources and bigger technological capability,” Felten mentioned.

Also this 7 days

  • Facebook’s outage earlier this 7 days was caused by configuration adjustments on spine routers coordinating site visitors concerning the company’s information facilities, according to a information launch. The adjustments interrupted communication concerning the information facilities, which brought providers throughout Fb platforms which includes Instagram, WhatsApp and Oculus to a halt for hours Monday. Fb promises destructive exercise was not to blame for the outage and mentioned no information was compromised during the downtime.
  • Prompted by considerations from advertising and publishing partners, Google will prohibit adverts for content spreading misinformation pertaining to local climate alter. According to a information launch, Google will block content that “contradicts perfectly-established scientific consensus all-around the existence of local climate alter,” which includes content that phone calls local climate alter a hoax or rip-off.

Makenzie Holland is a information author masking big tech and federal regulation. Prior to signing up for TechTarget, she was a standard reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Vendor.