On September 22, 2010, the Federal Trade Commission (FTC) testified before a subcommittee of the Senate‘s Commerce, Science and Transportation Committee and recommended that proposed data security legislation introduced by Senators Pryor (D., AR) and Rockefeller (D., WV) (The Data Security and Breach Notification Act of 2010, S.3742) be modified to extend its requirements and FTC enforcement authority to telecommunications common carriers. The FTC‘s testimony is linked here: FTC Testimony.

This is the latest in a series of FTC actions which indicate the agency has growing concerns about the amount of personal information handled by common carriers and the agency‘s inability to take enforcement action against such carriers.  The proposed Data Security and Breach Notification Act of 2010 is one of several pieces of proposed data security bills now pending in Congress. It would require a broad array of commercial and nonprofit entities to

1. Implement reasonable data security policies and procedures, and
2. Notify consumers of a security breach involving electronic records.

It also would require covered entities to offer credit reports and monitoring services to consumers impacted by a data breach. The proposed legislation also would give general concurrent enforcement authority to the FTC and state attorneys general.

If you have any questions about the information contained in this advisory, or need assistance with related regulatory or legal matters, please contact the firm at mail@commlawgroup.com.