The Federal Trade Commission (FTC) has brought 52 enforcement actions involving data breaches. Fifty of those businesses, whose computer systems were illegally accessed by hackers, settled rather than fight FTC’s accusations that they acted “deceptively” or “unfairly” under § 5 of the FTC Act. And yet, the data breaches just keep on coming, with unlawful intrusions on Home Depot’s payment-card processing system and the federal HealthCare.gov website occurring just this past week. It’s high time the Commission utilized tools at its disposal aside from the enforcement hammer to address data security.
WLF is not the only organization advancing this notion. On March 25, 2014, Consumer Action, Consumer Federation of America, National Consumer League, and the Privacy Rights Clearinghouse wrote FTC Chairwoman Edith Ramirez, asking the Commission to “convene a public forum, bringing stakeholders together to discuss strategies for combating the growing threat of data breaches.”
FTC Commissioners routinely note in public statements that in addition to enforcement and advocacy, the Commission protects consumers and competition through education and information sharing. Public forums, workshops, and other events of the type the consumer groups sought in their letter have long been an integral part of FTC’s “educate and inform” function. Such events educate not only the public, but also the Commission and its staff. Continue reading