WASHINGTON—Leaders of the Federal Trade Commission (FTC) acknowledged the need for enhancements to consumer data security and privacy during a hearing held by a House Energy and Commerce subcommittee this week.
During the hearing held by the Subcommittee on Consumer Protection & Commerce, FTC Chairman Joseph Simons and four other commissioners discussed how much authority the FTC should have, and how state laws should work with federal law, reported NAFCU, which reiterated the trade association's principles to address consumer privacy and data security standards in a letter in to the subcommittee in advance of the hearing.
In the letter, Brad Thaler, NAFCU's vice president of legislative affairs, noted to subcommittee leaders the important role the FTC plays "in overseeing data security outside of the regulated financial services sector."
Push for Data Standard
As CUToday.info has reported, NAFCU has advocated for a national data security standard for all entities that collect and store consumers' personal and financial information that are not already subject to the same stringent requirements as depository institutions under the Gramm-Leach-Bliley Act.
In addition, Thaler shared the “guiding principles” NAFCU and credit unions would like to see incorporated in data security legislation, primarily to ensure consumers are informed of what data is retained and how it's protected, timely disclosure of breaches, and that negligent entities are held responsible when a data breach occurs on their end.
Simons testified earlier this week before a Senate Appropriations subcommittee. During that hearing, he asked for civil penalty authority to enforce data breaches through a targeted rulemaking rather than broad-based authority.