Target’s recent series of data breaches inflicted a nasty bruise on its brand reputation, but the retailer’s pain would have been even worse had it been subject to civil penalties over the fiasco.
And that’s just what the Federal Trade Commission would have preferred. FTC deputy director Daniel Kaufman said at a conference today that the commission is hoping Congress will see fit to legislate monetary consequences for breached companies, according to a VentureBeat article.
The idea has strong bipartisan support among the FTC’s five commissioners, and the same would likely prove true in Congress, Kaufman suggested.
It’s debatable whether a such a measure would have prevented the Target breaches, or if enacted will prevent future ones at other very large companies. The non-legislated but very real reputational penalties that accompany breaches at high-profile enterprises are enough that few take data security lightly anymore. Civil penalties might, though, sway smaller, less-well-known businesses toward greater vigilance.
The specter of breaches is arguably the hottest worry-inducing potentiality across the corporate world. Security must constantly be improved as hackers eventually find a way around virtually every barrier to entry. There’s nothing to suggest a change in that reality will transpire in the foreseeable future, so companies must embrace the notion that establishing protections for sensitive data is not a project but rather a permanent journey.