Friday, May 08, 2009

FTC Testifies on Data Security Bill, Peer-to-Peer File Sharing

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

The Federal Trade Commission strongly supports the goals of H.R. 2221, the proposed "Data Accountability and Trust Act," according to Acting Director of the Bureau of Consumer Protection Eileen Harrington, who testified May 5 before the House Energy and Commerce Committee Subcommittee on Commerce, Trade and Consumer.

If enacted, the new law would require companies to implement reasonable data security policies and procedures and to notify consumers when there has been a data security breach that affects them. The legislation also would give the Commission the authority to obtain civil penalties for violations.

Coverage of Data Stored on Paper

The FTC suggested that the data security legislation be extended to cover data stored on paper, as well as electronic data. It also recommended that certain provisions imposing obligations on information brokers be targeted specifically to address harms consumers may face when brokers sell information about them. These provisions should not displace existing legal protections, according to the agency.

For more information on the proposed "Data Accountability and Trust Act," see the May 7, 2009 entry, of Trade Regulation Talk.

Data Sharing Over P2P Networks

The agency's testimony also focused on the Commission's efforts to promote better security for sensitive consumer information and to prevent the inadvertent sharing of consumers' personal or sensitive data over Peer-to-Peer Internet (P2P) file-sharing networks.

Although P2P technologies hold potential benefits for computer users and businesses, the FTC said, they also can raise the risk that sensitive information will be made available over P2P networks, either through inadvertent sharing or through malware.

Enforcement Efforts

The FTC noted that the agency had brought cases related to P2P file sharing, had helped P2P software developers devise voluntary best practices to help consumers prevent inadvertent file sharing, and had continued to monitor efforts by companies to comply with these practices.

P2P File-Sharing Bill

Finally, Harrington stated that the Commission supports legislation placing restrictions on P2P file-sharing programs.

The proposed "Informed P2P User Act" (H.R. 1319) would prevent the inadvertent disclosure of information on a computer through the use of P2P file sharing software without first providing notice and obtaining consent from the owner or authorized user of the computer. The bill, introduced by Rep. Mary Bono Mack (R-Calif.), would authorize the FTC to enforce the law and to seek civil penalties for violations.

Text of the FTC's testimony is available here.

No comments: