At a recent event hosted by the Identity Theft Resource Center, new-ish FTC Commisioner Terrell McSweeny (D), sworn in at the end of April, got her chance to weigh in on data security policy.
The Commissioner applauded President Obama's recent executive order, and the steps that may be taken in the retail sector. However, since "criminals will always adjust," McSweeny said at the Octboer 29 event, "the FTC supports comprehensive data security and breach notification legislation that would create strong and consistent national standards; strengthen the FTCs enforcement capabilities; and provide consumers notice of when a breach occurs so they can better protect their information."
MRA of course agrees with her that, "National data security and breach notification legislation is a win-win for consumers and businesses. National standards would simplify compliance for businesses, while also giving consumers greater security." Even so, we differ with the FTC on a few details, such as the FTC's power to expand what might be deemed "personal information" by such legislation.
The Identity Theft Resource Center provides assistance to victims of identity theft, and continuously tracks data security breaches in the U.S. According to the Center's numbers, there have been 4,854 breaches this year, exposing 669,680,671 records.