Andrew Smith, the FTC’s chief of the Bureau of Consumer Protection, made a blog posting, New and improved FTC data security orders: Better guidance for companies, better protection for consumers. The posting discusses “three major changes” the Commission has undertaken to “improve data security practices and provide greater deterrence, within the bounds of [its] existing authority.” Although the blog and the noted changes are focused on enforcement orders, we have some additional insights now into where the Commission is likely to go with the revised Safeguards Rule. Smith’s blog post notes three changes in enforcement orders under FTC Chairman Simons. “First, the orders are more specific…Second, the orders increase third-party assessor accountability…Third, the orders elevate data security considerations to the C-Suite and Board level.
Eric J. Ellman is Senior Vice President for Public Policy and Legal Affairs at the Consumer Data Industry Association (CDIA) in Washington, DC. He also served for eight months as Interim President and CEO of the Association. More