February 5, 2015
The Honorable Edith Ramirez
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Dear Chairwoman Ramirez:
On behalf of the National Consumers League, America’s pioneering consumer and worker advocacy organization, I would like to commend you for the leadership that the Federal Trade Commission (FTC) shown in protecting the security of consumers’ data.
As you are aware, however, data breaches continue to affect tens of millions of consumers every year. Negative impacts of these breaches can range from the simple inconvenience of replacing compromised credit cards, to an increased risk of identity theft, to the disclosure of sensitive corporate intellectual property. More remains to be done to safeguard the security of Americans’ personal information. As President Obama made clear in his State of the Union speech “[n]o foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.” Congress has held numerous hearings, including one today in the Senate Energy & Commerce Committee, that seek solutions to this data security crisis.
Through more than fifty enforcement actions, the FTC has held the caretakers of consumers’ sensitive personal information to account when they fail to adequately protect that data. Since you assumed the chairwomanship in 2013, the FTC has organized several workshops aimed at examining privacy and security implications of emerging technologies such as the “Internet of Things,” mobile devices, and “Big Data.” These important events have done much to build a record of public input that has helped inform the FTC’s work and the actions of businesses and other organizations throughout the country.
Given the success of past FTC workshops and the scope of the data breach problem, we strongly urge the Commission to consider organizing a workshop focused solely on the issue of data beaches. Specifically, we would like this workshop to convene cybersecurity experts, leaders from the consumer advocacy and law enforcement communities and representatives from the retail, banking, credit rating and technology sectors. The goal of such a workshop should be to create a record that the Commission can use to understand how well existing voluntary guidelines, self-regulatory regimes and cybersecurity technologies are working to protect consumer data. The event would also assist the Commission to develop guidance for businesses and other entities on how comply with Section 5 of the FTC Act by better protecting their customers’ data.
I look forward to continuing to work with the FTC as it moves forward on its important data security agenda. Should you have any questions, please do not hesitate to reach out to me at your convenience.
National Consumers League
cc: The Honorable Julie Brill
The Honorable Terrell McSweeny
The Honorable Maureen K. Ohlhausen
The Honorable John Thune
The Honorable Joshua D. Wright
 Federal Trade Commission. “FTC Seeks Input on Privacy and Security Implications of the Internet of Things,” Press Release. April 17, 2013. Online: http://www.ftc.gov/news-events/press-releases/2013/04/ftc-seeks-input-privacy-and-security-implications-internet-things
 Federal Trade Commission. “FTC to Host Public Forum on Threats to Mobile Devices on June 4,” Press Release. February 22, 2013. Online: http://www.ftc.gov/news-events/press-releases/2013/02/ftc-host-public-forum-threats-mobile-devices-june-4
 Federal Trade Commission. “FTC to Examine Effects of Big Data on Low Income and Underserved Consumers at September Workshop,” Press Release. April 11, 2014. Online: http://www.ftc.gov/news-events/press-releases/2014/04/ftc-examine-effects-big-data-low-income-underserved-consumers