FTC Commissioner supports national data security standard

Be the first to comment | This entry was posted in Public Policy

A member of the Federal Trade Commission told retailers at an NRF meeting last week that she would support a national standard for data security.

FTC Commissioner Pamela Harbour spoke Wednesday as top lawyers from the nation’s major retail companies gathered at NRF headquarters in Washington for a meeting of the NRF General Counsels Forum.

Harbour, asked to address how the FTC has become “more activist,” discussed the commission’s interest in privacy issues in detail, saying officials previously treated privacy as a matter of data security but are now taking a much broader look. She cited the need for national, uniform data security legislation as well as what she described as “omnibus privacy legislation,” saying the lack of clear national privacy standards impedes the competitiveness of U.S. companies abroad, especially in Europe.

Harbour discussed at length several of the commission’s recent enforcement actions resulting from high-profile data breaches including the DSW and TJX cases.

Harbour also expressed interest in NRF’s concerns about “PCI” data security standards mandated by the credit card industry, inviting NRF to outline the issue in a letter and offering to meet with NRF. NRF and other groups earlier this month asked the Payment Card Industry Security Standards Council, run by MasterCard, Visa and other major credit card companies, to give merchants a larger role in setting the standards.

Harbour also briefly touched on the FTC’s self-regulatory guidelines for online behavioral advertising.

Asked her opinion of the business community’s progress in adopting the guidelines to date, Harbour said she believes businesses are not moving forward quickly enough.

Harbour stopped short of saying the FTC is considering any mandatory regulations. But the agency had indicated in February that voluntary guidelines were a way to avoid the need for mandatory rules. Several groups are working closely with the commission to iron out the functional framework for cross-industry implementation of the guidelines.

Behavioral advertising is the practice of collecting information about consumers’ online shopping and then using the information to offer targeted advertising of products or special offers such as books or movie recommendations based on previous purchases.

The FTC guidelines recommend among other provisions that distracting “pop-up” warnings appear virtually anytime information is being collected from consumers. NRF and Shop.org, NRF’s digital division, have long argued that pop-ups would be so frequent and frustrating they could discourage many consumers from shopping online.

The FTC said in February that online retailers wouldn’t be subject to the guidelines as long as their behavioral advertising only uses “first party” and “contextual” information gathered on their own web sites. But in cases where retailers share information with third parties or use information obtained from third parties, they would still be subject to the guidelines. And retailers must still provide “reasonable security” for any data collected and comply with existing privacy laws. The agency also expanded the guidelines, first issued early last year, to apply not just to “personally identifiable information” but rather to virtually all data collected regardless of whether it can be linked to a specific individual.

In another development, the House Energy and Commerce Committee last week held a subcommittee hearing on behavioral advertising where executives from Facebook, Google, and Yahoo were called upon to explain their practices. NRF and Shop.org were among 17 organizations that signed a letter to committee members urging Congress to “use extreme caution” in passing any legislation that would address behavioral advertising or broader online privacy.

“We acknowledge that there are important issues around online privacy that Congress is looking into, issues that industry takes seriously as well,” the groups said. “During your deliberations, however, you must take into account the full universe of industries, companies and jobs that could be impacted by potential legislative or regulatory action as well as the practical effect such changes will have on all end users of technology.”

“At a time when the U.S. economy continues to struggle,” the letter said, Congress should not impose “duplicative, inconsistent, ineffective or even harmful regulations that could adversely affect consumers and businesses.”

The article above is reprinted from the current issue of Washington Retail Insight, NRF’s weekly e-newsletter covering public policy issues affecting the retail industry. NRF members, read the rest of the newsletter.

Posted in: Public Policy and tagged , , , , ,
Interact: Permalink | Post a comment

Post a Comment

  • Posting Policy

    NRF welcomes intelligent discussion and debate from our community. We do insist that all comments must be expressed in a mature and civil tone of voice. Individuals posting rude or otherwise inappropriate material will lose their access to the discussion.

    Thank you,

    Note: While anonymous comments are welcome, they are also moderated and may not be posted immediately. If you don't see your comment, please be patient, as it will be reviewed and posted soon if appropriate. Please do not post your comment a second time. Thank you.

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>