BreachExchange mailing list archives
CRS sheds light on enforcement authority in data breach notification legislation
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 7 Jan 2016 19:26:01 -0700
http://www.fiercegovernmentit.com/story/crs-sheds-light-enforcement-authority-data-breach-notification-legislation/2016-01-05 As lawmakers return to the Hill, several data security and breach notification bills remain up for consideration in the 114th Congress. Among the major legal issues members of Congress must consider in proposed legislation is the existing jurisdiction and enforcement authority of the Federal Trade Commission and the Federal Communications Commission, reported the Congressional Research Service. Most of the bills would task FTC with most of the enforcement duties, said a recent CRS report (pdf), but the legislation differs on whether the FCC should retain its existing enforcement authority over data security and breach notification for telecommunication providers. The transparency group Federation of American Scientists obtained the report and made it publicly available. The FTC's enforcement authority comes from its "unfair or deceptive acts or practices" oversight – which excludes companies the FCC classified as "common carriers." Meanwhile, the FCC is allowed enforcement actions against common carriers as authorized by its rules for protecting customer proprietary network information and Communications Act requirements that "charges, practices, classifications, and regulations" be just and reasonable, said the report. Some bills, such as Rep. Marsha Blackburn's (R-Tenn.) H.R. 1770, would expand the FTC's jurisdiction and eliminate some or all of the FCC's ability to enforce its existing data security rules. With the exception of regulations covering 911 calls, all common carrier data breach security and notice enforcement would come from the FTC, said CRS. "Removing the FCC's authority in this area may reduce the types of data that are subject to security and breach notification requirements, as compared with a proposal that imposes new requirements while maintaining the FCC's authority," said the report. CRS added that the bill's supporters "have emphasized the benefits of imposing a uniform, predictable standard across all covered entities," while opponents argue that "restricting FCC authority weakens consumer protection by eliminating clear, predictable rules with which companies are accustomed to complying."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which vendors to trust. Contact us today for a demo.
Current thread:
- CRS sheds light on enforcement authority in data breach notification legislation Audrey McNeil (Jan 08)