FTC Urges Data-Breach Penalties

Bipartisan support for the idea within the commission may mirror the same in Congress, an FTC official says.
David McCannMarch 19, 2014
FTC Urges Data-Breach Penalties

Target’s recent series of data breaches inflicted a nasty bruise on its brand reputation, but the retailer’s pain would have been even worse had it been subject to civil penalties over the fiasco.


Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

And that’s just what the Federal Trade Commission would have preferred. FTC deputy director Daniel Kaufman said at a conference today that the commission is hoping Congress will see fit to legislate monetary consequences for breached companies, according to a VentureBeat article.

The idea has strong bipartisan support among the FTC’s five commissioners, and the same would likely prove true in Congress, Kaufman suggested.

It’s debatable whether a such a measure would have prevented the Target breaches, or if enacted will prevent future ones at other very large companies. The non-legislated but very real reputational penalties that accompany breaches at high-profile enterprises are enough that few take data security lightly anymore. Civil penalties might, though, sway smaller, less-well-known businesses toward greater vigilance.

The specter of breaches is arguably the hottest worry-inducing potentiality across the corporate world. Security must constantly be improved as hackers eventually find a way around virtually every barrier to entry. There’s nothing to suggest a change in that reality will transpire in the foreseeable future, so companies must embrace the notion that establishing protections for sensitive data is not a project but rather a permanent journey.