Alden Abbott writes:
AbstractOver the past decade, the Federal Trade Commission, the federal government’s primary consumer protection agency, has pursued over 50 enforcement actions against companies that it deemed had “inadequate” data security practices. However, data security costs due to FTC actions will be passed on at least in part to consumers and should be weighed against the benefits in reduced data breaches. The FTC should carefully consider whether its current policies in this area are cost-beneficial and whether specific reforms would advance the public interest in enhancing data protection in a less burdensome, more welfare-enhancing fashion. The focus should be on punishing data thieves, not on imposing excessive regulatory burdens on legitimate businesses—burdens that could weaken the private sector and impose unwarranted costs on consumers.
Read more on Heritage Foundation.
The focus should be on punishing data thieves, not on imposing excessive regulatory burdens on legitimate businesses…” ? When the data thieves are international, beyond the scope of US law enforcement, and access information because of the lax if not totally careless manner in which data is secured by businesses, the businesses are no longer “legitimate.” Rather than relax regulatory burdens, they should be made more onerous; willful neglect should be a punishable crime in all aspects of corporate data security, not only medical through HIPAA, but in FCRA, GLB, COPPA, or we give up the battle even before its enjoined.