May 09, 2014

FTC head calls for federal data security law

May 12, 2014 – In a speech before the Media Institute last week, Federal Trade Commission Chairwoman Edith Ramirez said federal law on data security should require that companies notify consumers in the event of a data breach.

"Our bipartisan Commission has called on Congress to enact a strong national breach notice and data security law," Ramirez said. "Among other things, we believe it is essential that such a law both require companies to notify consumers in the event of a breach and give the FTC the power to seek fines in appropriate cases in which companies have failed to implement reasonable data security safeguards – authority that we generally lack today."

Ramirez also spoke about the need to protect consumer information across different mobile platforms and operating systems.

The Federal Financial Institutions Examination Council said last week that member agencies will conduct cyber security-related vulnerability and risk-mitigation assessments of regulated institutions later this year.

NAFCU was the first financial trade association to call for national data security standards for retailers in the wake of the massive Target corporation breach. Credit unions and banks are already subject to such standards under the Gramm-Leach-Bliley Act.