WASHINGTON—The Federal Trade Commission supports the civil penalty authority outlined in proposed data security legislation, but also wants the definition of consumer information expanded in the bill.
Testifying Wednesday before Congress on the data security legislation pending before the Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee, FTC Consumer Protection Director Jessica Rich highlighted the Commission’s support for data security legislation overall.
“The need for companies to implement strong data security measures is clear: if sensitive information falls into the wrong hands, the results can be devastating,” said Rich.
In the testimony, the Commission expressed support for the legislation’s goals of establishing broadly applicable data security requirements for companies and requiring them to notify consumers, in certain circumstances, of the breach of their data. The Commission also supports the proposed bill’s inclusion of FTC enforcement authority over both common carriers and non-profit entities related to data security and breach notification, and backs the civil penalty authority contained in the legislation for violations of the proposed bill.
Rich also outlined FTC concerns around the bill’s definition of personal information, recommending language include data like consumers’ geolocation and health data. Rich also explained that the legislation should address the entire data ecosystem, including Internet-connected devices.