Congress Cybersecurity & Tech

FTC Seeks New Privacy Authority

Paul Rosenzweig
Wednesday, December 4, 2013, 12:33 PM
Lawfare readers will recall that I earlier blogged about the Federal Trade Commission's case against Wyndham Hotels.  Under the mantle of its consumer protection mandate, the FTC has sought to impose civil penalties against those companies who do not adequately protect the personal information of consumers.  Wyndham is challenging that authority, arguing that the FTC is not, de jure, a national setter of cybersecurity standards.  I called it the "most important cybersecurity case you've never heard of." That m

Published by The Lawfare Institute
in Cooperation With
Brookings

Lawfare readers will recall that I earlier blogged about the Federal Trade Commission's case against Wyndham Hotels.  Under the mantle of its consumer protection mandate, the FTC has sought to impose civil penalties against those companies who do not adequately protect the personal information of consumers.  Wyndham is challenging that authority, arguing that the FTC is not, de jure, a national setter of cybersecurity standards.  I called it the "most important cybersecurity case you've never heard of." That may not be true if Congress acts.  Perhaps anticipating a loss (or, more likely, in a "belt and suspenders" type maneuver) the FTC yesterday testified on Capitol Hill seeking additional statutory authority.  According to the National Law Journal:
[FTC Chair Edith] Ramirez said she favors making the FTC the sole federal agency in charge of enforcing a uniform set of national data breach notification requirements. Such requirements would compel businesses to notify consumers of a data breach promptly, and also to notify credit bureaus. The FTC has urged Congress to give the agency civil penalty authority against companies that fail to maintain reasonable security.
Passage of such legislation would more or less moot Wyndham's challenge.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare