WASHINGTON — Corporate America is acting irresponsibly in protecting consumer data, Orson Swindle of the Federal Trade Commission (FTC) said today. The payback for that irresponsibility, he predicted, will be painful.
In impromptu comments made during a think-tank panel discussion on international cyber crime, Swindle, a Republican FTC commissioner, took broad swipes at both private enterprise and Congress for their efforts on consumer data protection.
”Everybody’s screaming, all the political figures up on [Capitol] Hill, about identity theft,” he said. ”It’s not identity theft, it’s the theft of information.”
And, he added, in today’s global, digital marketplace, that information is currency.
”While politicians raise hell about identity theft, what we’re really talking about is the failure to protect valuable currency,” Swindle said. ”Corporate boards better start paying attention, because they haven’t been.”
The daily headlines of various data breaches from ChoicePoint to Bank of America to several colleges and universities, he said, ”Indicates to me the industry has, to a great extent, been irresponsible, and somebody has got to pay.”
He suggested the first people to pay might be corporate lawyers.
The lax data protection, according to Swindle, is ”being driven in part by those general counsels who sit around and say, ‘Be careful about what you promise in privacy and information security because you might get sued for it.”’
Swindle called that attitude and said doing the right thing will minimize the problem.
”That is irresponsible. Do the right thing and we’ll have a heck of a less problem,” he said. ”That’ll give technology a chance to catch up and keep building better reinforcements in multi-layer defenses.”
One of the right things to do, according to Entrust CEO Bill Connor, is a uniform national breach notification law to cover consumers exposed to possible ID theft.