Will Lawmakers Use The Target Hack To Give The FTC More Power?

Get the WebProNews Newsletter:

Will Lawmakers Use The Target Hack To Give The FTC More Power?
[ Business]

Target, one of the nation’s largest retailers, suffered a major security breach over the holiday shopping season that affected millions of its in-store customers. In fact, it’s estimated that 40 million dedit and card card accounts were stolen. It’s already a given that Target will be paying for this breach of trust for years to come, but will it lead to even stricter scrutiny and government regulation?

Well, it certainly seems that way if some members of Congress are to be believed. In the week since it was revealed that Target was hacked, lawmakers have been calling for action. For some, that action will simply be an investigation into the hack itself. For others, they’re playing around with the idea of giving the FTC additional powers to punish companies.

Do you think the FTC needs more power? Does the Target hack make new powers necessary? Let us know in the comments.

One senator in particular – Sen. Richard Blumenthal – has called upon the FTC to act in a recent open letter sent to FTC Chairwoman Edith Ramirez:

I write to urge you to immediately open an investigation into Target Corporation’s recent reported data security breach, which may have exposed the credit and debit card information of 40 million Target customers this holiday season. If Target failed to adequately and appropriately protect its customers’ data, then the breach we saw this week was not just a breach of security; it was a breach of trust. The Federal Trade Commission (the FTC or the Commission) has the authority and the responsibility to investigate and address this kind of event, and I urge you to look into this case immediately.

Next, Blumenthal says that the FTC Act gives the agency the authority to investigate Target’s security policies. He encourages the agency to use this power to immediately look into how Target secured its data and if the retailer could have done more to secure its customers’ data:

As you know, section 5 of the Federal Trade Commission Act (15 U.S.C. § 45) gives the FTC jurisdiction to investigate companies’ privacy and information security policies, procedures, and practices. Given the scope and duration of Target’s recent data breach, it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information. A breach of this size indicates that somebody gained extensive and unfettered access to customer information held by Target. The fact that the intrusion lasted for more than two weeks indicates that Target’s procedures for detecting and shutting down an effort to steal customer data does not live up to a reasonable standard. If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information. Its conduct would be unfair and deceptive, and it would clearly violate the FTC Act.

Now, here is where things get interesting. Later in the letter, Blumenthal says the FTC needs more power to prevent something like this from happening again. How? He suggests that the agency be given the power to impose sanctions on Target and other retailers that don’t do enough to protect their data.

While it is clear that the FTC has the authority to investigate breaches like the one that occurred at Target stores, it is equally clear that the Commission needs additional authority to impose sanctions sufficient to fully punish and deter the conduct that leads to such breaches. The breach at Target highlights how vast and damaging data breaches can be. The FTC should be able to respond to breaches like this with penalties commensurate to the potential harm. I look forward to working with my colleagues in the Congress and with the Commission to ensure that the Commission has all the sanction authority it needs to carry out its mission effectively.

At this point, lawmakers are on the warpath. It’s pretty obvious that Blumenthal wants to make an example out of Target and the retailer should be held responsible for what happened. What needs to be considered, however, is the idea that Target may not have been fully prepared for whatever techniques and tools the hackers used to obtain the the credit and debit card data of 40 million Americans.

Should Target have been prepared for every possible privacy breach and attack? In a perfect world, yes. Unfortunately, we live in a world where the tools used by hackers and data thieves are often outpacing the advances in security. It doesn’t help that our government only imposes optional security guidelines for companies to follow and some may not follow all the guidelines in order to save a few bucks.

What we’re looking at here then is a government that’s trying to fix a problem that has two solutions. One is the solution given to us by Sen. Blumenthal in which he calls for the FTC to be given more power to prosecute those who don’t adequately protect consumer information. The second solution would be to improve our cybersecurity standards and force companies to adopt the strictest measures to protect consumer data. Unfortunately, the only bill that would do that is the ill-fated CISPA and it contains too many privacy problems of its own to make it a worthy candidate.

Consumer privacy is becoming all too important in today’s world of electronic transactions. While Target may not have been the first company to be hit by hackers, it’s one of the largest thefts of consumer data to ever occur. Over the next few months, the retailer will have a lot of explaining to do. The government will be overseeing that explanation and will dole out what it feels is a proper punishment. We can only hope the punishment doesn’t get in the way of real cybersecurity reform that would prevent an attack of this scale from ever happening again.

Should the FTC be given more power to punish privacy breaches? Or should lawmakers focus on updating our cybersecurity standards? Let us know in the comments.

Image via Wikimedia Commons

Will Lawmakers Use The Target Hack To Give The FTC More Power?
Top Rated White Papers and Resources
  • http://www.seventhman.com/ Shaleen Shah

    To answer your question, I think that if it’s done for the best interest of the majority – then, why not? But fact is, in the fast-paced world where technology is concerned, laws can barely catch up and if they do, there are just blurred lines.. I guess, it’s a work-in-progress for everyone though.

    • Please

      It is funny. Everyone is looking to “hackers’ as the cause of the Target theft, but everyday in this nation, government officials are capturing every keystroke, telephone conversation, and email message that every American citizen is doing.

      We always hear about these cyber attacks but we never see people go to prison for them. I have a suspicion that may of the hackers are government employed. Think about it. They are capturing eveyr piece of data. All you would need to do is target a few select servers to capture key information. At the end of the day, do you really believe the government would investigate itself? Do you ever think they would actually come out and say — hey someone from the NSA is stealing credit card information from Americans? It would cripple their program. Don’t tell me they have control over what is going on either. Snowden walked out with millions of documents. Not ten documents, not hundreds of documents, not thousands, but millions.

      America, be logical. Look directly at the people who are collecting the most internet data every day in this nation — people in the government.

      • Ever Notice

        Yep, I agree. Few people ever look at what is right in front of their face. All this cyber theft. Very few arrests. But meanwhile, all this government spying.

        I am an IT consultant. I don’t trust for a minute what the government is doing. Snowden did the right thing and I fear he even knows more about how just how deep all this stuff goes. The man acquired over 1.7 million documents. Can you imagine what he has information about? He might even have stuff he doesn’t even know about because he literally has not read all of the documents yet.

        What if Snowden has documents which show 9/11 was an inside job? After all, he already mentioned the NSA went after journalists who spoke out against the official story of 9/11.

        I am a nobody. But I am very street smart. You have all these hidden thefts on one side of the equation. On the other side, you have people collecting massive amounts of personnel and business data. It is not a stretch to put two and two together. It does not even have to be the NSA doing …. but one or two agents doing it. That is what we forget. It doesn’t take many people. It takes just a rogue element in any organization.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom