FTC Describes its Oversight of Consumer Reporting Agencies’ Data Security Practices In Testimony before House Oversight and Reform Subcommittee
Testifying before a House Oversight and Reform Subcommittee, the Federal Trade Commission described its role in overseeing the data security practices of consumer reporting agencies (CRAs).
In testimony before the Subcommittee on Economic and Consumer Policy, the FTC described its experience enforcing data security laws against CRA, as part of the agency’s broader efforts over nearly two decades to address data security through law enforcement, policy initiatives, and consumer and business education.
The testimony, delivered by Bureau of Consumer Protection Director Andrew Smith, states that since 2001, the Commission has promoted data security in the private sector by enforcing Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices, as well as other laws and rules, such as the Fair Credit Reporting Act (FCRA) and the FTC’s Safeguards Rule.
The FCRA requires CRAs to use reasonable procedures to ensure that the entities to which they provide consumer reports have a permissible purpose for receiving that information. Under the Gramm-Leach-Bliley (GLB) Act, the Safeguards Rule requires some non-bank financial institutions, including CRAs, to safeguard nonpublic personal information.
According to the testimony, the Commission agrees with the Government Accounting Office’s recommendation that providing the FTC with civil penalty authority for violations of GLB’s Safeguards Rule would give the FTC a practical enforcement tool that would benefit consumers. Beyond GLB, the Commission has long called for comprehensive data security legislation that would give the agency additional tools such as civil penalty authority, jurisdiction over common carriers and non-profits, and targeted rulemaking authority under the Administrative Procedure Act, the testimony explains.
The testimony notes that the FTC also uses policy initiatives, such as workshops, reports, and rulemaking, to promote data security, including among CRAs. The agency also provides extensive guidance on data security to businesses and consumers.
The Commission vote approving the testimony and its inclusion in the formal record was 5-0.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.