Certain types of data—health, financial, personal...
Certain types of data -- health, financial, personal communications -- deserve better protections under the law, said FTC Commissioner Maureen Ohlhausen during a Georgetown University event Tuesday on privacy and big data. “There’s a reason that health data and financial…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
data … have traditionally had greater protection than general data,” Ohlhausen said during a Q&A after her speech. “It reflects a societal consensus … that these data are a little bit different,” she said. Which is, in part, why data security standards should vary based on industry expectations, she said in response to a question. The FTC should not be saying, “Set your security settings to this level or have this kind of elaborate protection,” she said. “It’s more to have a process-based approach.” If the FTC had rulemaking authority in this area, Ohlhausen would instead want “to require companies to have a process in place to assess what information they have,” figure out “who has access to it” and if they have antivirus software and breach protocol commensurate with industry standards. Ohlhausen’s speech Tuesday hit on many of her favorite themes: regulatory humility, ensuring the commission identifies substantial consumer harm before taking action, and developing a more explicit data security enforcement framework. “The FTC’s data security enforcement framework is not perfect,” she said. “I would like to develop more concrete guidance to industry, for example. But I haven’t seen anything that suggests big data technology raises fundamentally new data security issues.”