FTC Calls for Legislative Help to Protect Data in Senate Subcommittee Hearing (Feb. 4, 2014)
Although the consensus in yesterday’s Senate subcommittee hearing on “Safeguarding Consumers’ Financial Data” seemed to be around the shared responsibility of all stakeholders, including government, to protect financial data, the FTC specifically called for legislative action.
“While this testimony does not offer views on any particular legislation, the commission reiterates its bipartisan support for Congress to enact data security legislation that would strengthen its existing authority governing data security standards on companies, and require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach,” said Jessica Rich, FTC director of the bureau of consumer protection.
Protecting financial data is a battle that must be fought by the government, industry and consumers, alike, said U.S. Sen. Mark R. Warner (D-Va.), chairman of the Senate Banking Committee’s National Security and International Trade and Finance Subcommittee.
“This is a challenge that is only going to grow,” Sen. Warner said. “The hackers … throughout the world are not waiting on us to get our act together on this issue. They continue to strike us every day.” he continued. “We should not assume any single technology is a silver bullet solution. Technology evolves and we have to stay ahead.”
Merchants bear at least an equal cost of fraud as any other participant in the payment card system, but they have “only a portion of the ability” to reduce fraud, according to Mallory Duncan, general counsel and senior vice president, National Retail Federation. “We did not design the system; we do not configure the cards; we do not issue the cards,” he said. “We will work to effectively upgrade the system, but we cannot do it alone.”
Testifying on behalf of the American Bankers Association, James Reuter, executive vice president of FirstBank in Lakewood, Colo., said: “Banks, retailers, processors and all other participants in the payments system must share the responsibility of keeping the system secure, reliable and functioning in order to preserve customer trust.”
Reuter also expressed support for a national standard for data security and breach notification, as contained in S. 1927, the Data Security Act of 2014.
Representatives of the U.S. Secret Service, the U. S. Public Interest Research Group and the PCI Security Standards Council provided testimony at the hearing as well.