Aug. 20 — Although it has investigated hundreds of data breaches, the Federal Trade Commission has taken enforcement action in only a small percentage of cases, FTC Commissioner Julie Brill said Aug. 18.
“The bit of good news I'd like to bring is, hundreds of companies come before us, and we have not taken action,” Brill said at a panel on data security at the Aspen Forum, which was sponsored by the Technology Policy Institute, a Washington-based think tank.
“We realize stuff happens in this space, and we are not looking for perfect security,” she said. “You can't protect from everything.”
The FTC takes action against “companies that didn't engage in very reasonable practices, didn't patch known vulnerabilities and that engaged in activities that really fell below the reasonableness line,” Brill said.
The FTC has brought 53 data security cases under Section 5 of the FTC Act, she said.
“The FTC has become in effect the national enforcement agency dealing with data security,” Brill said.
The FTC's authority to bring data security enforcement actions has come under fire in some quarters, including in legal actions involving Wyndham Hotels and Resorts LLC and LabMD Inc.
Ninety-two percent of data breach cases fall within nine “garden-variety” categories, said Craig Silliman, senior vice president for public policy at Verizon Communications Inc., citing the company's experience in preparing data breach reports. “The risks aren't as varied as you might think, and they differ by industry,” he added.
The latest Verizon data breach report cites the nine categories as: point-of-sale attacks, Web application attacks, insider misuse, physical theft or loss, malicious software, card skimmers, operating system attacks, cyberespionage and miscellaneous errors.
Panel moderator Alan Raul, a partner and lead global coordinator for privacy, security and information law at Sidley Austin LLP in Washington, said that “nobody is safe” from data breach risks.
Raul said there is a long list of companies, government agencies and other entities that have been the victims of data breaches. “Most of them have been trying very hard to safeguard their information,” he said.
White House Cybersecurity Coordinator Michael Daniel said data breaches are a national threat “and not a problem that any one part of the federal government, nor the federal government alone, can solve.”
He said as the White House is “getting down to the brass tacks” of the cybersecurity issue, consideration has to be given to the implications for consumer privacy.
Brill agreed. “Privacy and data security are two sides of the same coin,” she said.
Nick Rossi, deputy staff director for the minority staff on the Senate Committee on Commerce, Science and Transportation, said he hopes the Senate will pass cybersecurity legislation.
“But privacy is the thorny issue,” he said.
A cyberthreat information-sharing bill awaiting action by the Senate is getting strong support from the U.S. Chamber of Commerce and other leading industry associations, despite unresolved regulatory issues and other privacy concerns.
To contact the reporter on this story: Tripp Baltz in Aspen, Colo. at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Further information on the Technology Policy Institute's Aspen Forum is available at https://www.techpolicyinstitute.org/aspen2014/.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).