Trump FTC Nominees Highlight Privacy, Data Security Enforcement

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

President Donald Trump’s four Federal Trade Commission nominees told a Senate committee Feb. 14 that the agency’s role in protecting data security and privacy should remain a centerpiece of its consumer protection mission.

Joseph Simons (R), Christine Wilson (R), Noah Phillips (R), and Rohit Chopra (D) answered questions on antitrust, consumer protection, and data security and privacy enforcement during their Senate Commerce, Science and Transportation Committee confirmation hearing.

Simons is slated to become the next FTC chairman. He would replace acting Chairman Maureen Ohlhausen (R), who Trump intends to nominate to the U.S. Court of Federal Claims.

Expanding FTC Authority?

The FTC—which has been operating with just two out of five commissioners, one Republican and one Democrat, for a year—is the nation’s chief data security and privacy protection agency.

But it can’t directly fine companies over privacy and data security violations. Instead, it reaches settlements with companies that, in some cases, agree to payments as part of the deal.

Simons said under questioning from Sen. Richard Blumenthal (D-Conn.) that authorizing the FTC to levy fines could be an effective deterrent—and an incentive for companies “to take care of consumer data as they should.” Consumers need more protection from data breaches, Simons said.

Blumenthal last year introduced a bill, the Data Breach Accountability and Enforcement Act of 2017 (S. 1900), that would give the agency civil monetary forfeiture power. The bill as yet has no cosponsors.

Equifax Case

Under questioning about the Equifax Inc. data breach that exposed the data of about 143 million Americans, the nominees declined to directly discuss the case because the company is currently under FTC investigation.

But they all said they are committed to the agency’s data security and privacy mission in response to questions from Sen. Catherine Cortez Masto (D-Nevada).

Simons, however, said the agency should focus efforts where consumers need them the most.

Data breaches are becoming much more prevalent in the private-sector, and the FTC “needs to pay close attention” to them, Simons said. But the agency must “get the biggest bang for tax payers’ dollars,” focusing enforcement on where harm is the greatest, he said.

The FTC’s authority to take action after a data breach based on potential—rather than actual consumer harm—has been the subject of ongoing litigation.

Lawmakers reiterated concerns over how long it took Equifax to report its breach, which was allegedly discovered July 29 but not disclosed until Sept. 8.

“Several weeks after a major breach of personal data doesn’t sound like it is fast enough” of a response to regulators and consumers, Chopra said in response to questions from Sen. Maria Cantwell (D-Wash.).

Committee Chairman John Thune (R-S.D.) and Ranking Member Bill Nelson (D-Fla.) agreed privacy and data security enforcement should remain an FTC focus. The agency must bring deception and unfairness claims where there is “substantial harm” to consumers, Thune said.

The FTC at full strength consists of five commissioners. Even if the four nominees are confirmed, the FTC will lack a fifth commissioner. No more than three of any political party may be on the commission, so the next nominee would have to be a Democrat, independent, or from a third party.

Thune wants the committee to vote on the four nominations as soon as its next meeting. They will likely get “bundled” with a fifth nominee when it comes time to confirm them on the Senate floor, he said.

If approved, Simons would fill the slot of Commissioner Terrell McSweeny (D), who has stayed on a hold-over appointment since September 2017.

With assistance from Alexei Alexis in Washington

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: Donald Aplin at daplin@bloomberglaw.com

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security