FTC Chairman Edith Ramirez said last week said the agency would take action against companies that fail to safeguard consumers’ sensitive personal information, pointing to the ongoing case against Wyndham Hotels.
Over the past 18 months, the Wyndham hotel chain has suffered three security breaches—the result of, according to the FTC, “unreasonable security practices.” A court ruled in April that the agency has the authority to litigate cases to protect consumers under the FTC Act.
Speaking before The Media Institute in Washington, D.C., Ramirez called on lawmakers to pass a national data breach standard and data security law.
“Among other things, we believe it is essential that such a law both require companies to notify consumers in the event of a breach and give the FTC the power to seek fines in appropriate cases in which companies have failed to implement reasonable data security safeguards—authority that we generally lack today,” Ramirez said in prepared remarks. “Allowing the FTC to seek civil penalties for violations is an important deterrent against lax security practices.”
Ramirez said that in addition to securing consumer information that is collected, the financial services industry and public sector should work to develop tools to provide consumers with greater control over the collection and dissemination of their personal data.
“There is overwhelming evidence of a hunger for such tools,” Ramirez said. “The growth of sensing and tracking technologies means that now is the time to strengthen tools, such as do-not-track mechanisms, that give consumers a way to easily control who gets access to their data.”