Last December, Target came under scrutiny as more than 110 million customer’ information was exposed during one of the largest retail data breaches in recent years.
For the third time this week, the Federal Trade Commission testified before Congress on such data breaches.
FTC Chairwoman Edith Ramirez addressed the House Energy and Commerce Committee on Wednesday to highlight the agency’s work in promoting data security and emphasize its support of a strong federal data security and breach notification law.
“Never has the need for legislation been greater,” Ramirez said in her testimony. “With reports of data breaches on the rise, and with a significant number of Americans suffering from identity theft, Congress needs to act.”
The commission has several recommendations for Congress, one which suggests Congress enact a federal law requiring companies to notify customers when a security breach happens. While many states have breach notification laws, a federal law would ensure protection of all consumers.
According to the Bureau of Justice Statistics, 16.6 million people, or 7 percent, of Americans 16 and older were victims of identity theft in 2012.
FTC would support legislation that would give the commission a little more punch in its enforcement of breaches and violations. Currently, FTC only has the authority to seek civil penalties for data security violations involving companies that fail to protect children’s information under certain circumstances.
According to testimony, FTC would encourage legislation that would give it the ability to seek civil penalties and ensure its enforcement actions have the appropriate amount of weight behind them.
Ramirez said she and FTC look forward to continuing to work with Congress to promote “reasonable security” for consumer data.