FTC wants Congress to punish companies for being hacked

NEW YORK — Daniel Kaufman, FTC deputy director, wants to penalize companies that experience major security breaches.

The Federal Trade Commission is tasked with protecting American consumers, a major piece of which involves safeguarding their data. That also means history’s least productive Congress must try to keep up with one of the most rapidly changing industries so the FTC has relevant regulations to enforce.

But there’s reason to be optimistic, according to Daniel Kaufman, who serves as deputy director of the agency’s bureau of consumer protection.

The FTC is headed by five commissioners from both political parties who have “unanimously supported data security for some time now,” said Kaufman in conversation with GigaOM writer Jeff Roberts at the Structure Data conference today.

There’s reason to believe that bipartisan support is reflected in Congress, he added.

“Particularly data security is an area [where] we are seeing a little more traction as an issue Congress might do something [about],” said Kaufman. “Recent breaches have highlighted the issue big-time.”

One item on Kaufman’s wishlist is civil penalties for companies that experience substantial data breaches. If the agency could dole out civil penalties to data security offenders, he reasons, they would be more inclined to have an effective data security framework upfront, making large-scale data breaches less likely.

But the FTC is not wholly reliant on Congress. Although the FTC is primarily a law enforcement agency, it also conducts investigations and studies. Right now, for instance, it’s nearly done with a study of data brokers — business-facing entities that collect enormous amounts of consumer data. The report should provide some insight on how they’re getting the data, who they’re sharing it with, restrictions on the data’s use, and so on. Hypothetically, these actions can help inform lawmakers and help them pass productive legislation.

“[The data broker study is] a way to shed some light on this industry that has enormous effect on consumers but very little transparency,” he said. “The commission has been very supportive of legislation that would increase the transparency of data brokers.”

Kaufman also highlighted how imperative self-regulation and transparency are in an American industry that stands to lose business to foreign companies in this age of (justified) privacy skepticism. We need short, meaningful consumer disclosures, he said, not endless pages of legalese. Academics and trade associations can help draft and implement a uniform set of disclosure guidelines for tech companies, he added.

Although the FTC tends to focus on the negative side of big data, Kaufman admitted, there is huge innovation in the $50 billion global industry that has the capacity to dramatically improve lives.

“We are very focused on making sure we are not stifling innovation,” he said. “We want to make sure there’s privacy out there, but we are aware there are huge benefits.”

Stay tuned to VentureBeat for more live coverage from GigaOM’s Structure Data conference.