The Federal Trade Commission closes 70 percent of all formal security investigations it opens on average, FTC Commissioner Maureen Ohlhausen said Tuesday.
Ohlhausen gave her insight on FTC’s previous private sector security breaches that caused stolen identities and data during a Heritage Foundation discussion on federal online data security regulation, and how the commission decides when it’s necessary to open an investigation.
“The touchstone of our data security is reasonableness,” Ohlhausen said. “A company’s data security measures must be reasonable, in light of the sensitivity and volume of the consumer information it holds, the size and complexity of its data operations, and the cost of the available tools to improve security and reduce vulnerabilities.”
The FTC chooses to investigate companies because of major concerns to their overall security programs, not after discovering a single flaw, she explained.
If a company’s security is “reasonable, or even good,” Ohlhausen said, and solves the problem quickly, the commission could close the investigation even if there is a single major specific failure. What matters most is the overall security of the program.
Take Morgan Stanley, for example, who the FTC investigated last year. After looking into a slip up in the financial corporation’s information security, the FTC found it had strong data protection efforts in place and subsequently closed its investigation.
While the FTC has found success with its investigations, some companies think the commission has gone too far with its regulations. Therefore, the FTC is working to find ways to balance privacy and oversight.
“The security of sensitive private information transmitted over the internet has become a matter of major public policy concern over the last decade…” Alden Abbott, deputy director of the Meese Center for Legal and Judicial Studies at the Heritage Foundation, said while introducing Ohlhausen.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here: fdscp.com/sign-me-on.