Washington, DC - The Federal Trade Commission told the House Small Business Committee today that the agency is committed to protecting consumers and educating small businesses on ways to keep consumer data secure.

Testifying on behalf of the Commission, Acting Chairman Maureen K. Ohlhausen outlined the Commission’s efforts to protect consumers and help small businesses take steps to secure consumer data.

“Failing to take reasonable precautions to secure data from identity thieves and other malicious actors hurts consumers and legitimate businesses alike,” Acting Chairman Ohlhausen said in her written testimony. “Data breaches can harm a business’s financial interests and reputation as well as result in the loss of consumer confidence in the businesses to whom they entrust their data. In the case of small businesses, a data breach can be devastating.” 

Since 2001, the Commission has taken action in approximately 60 cases against businesses that it charged with failing to provide reasonable and appropriate protections for consumers’ personal information.

Acting Chairman Ohlhausen told the committee that FTC staff is working to provide the public with more information about the data security cases it closes. She said that such information would provide businesses, particularly small firms, with additional examples of what practices contribute to reasonable data security.

She also outlined the FTC’s extensive efforts to educate business and consumers on data security through blog posts, published guides, videos and workshops. In particular, the Commission provides businesses with user-friendly information to help them protect data in their care and understand what practices may run afoul of the FTC Act.

The Commission provides general business education about security issues, as well as specific guidance on emerging threats, such as tips to prevent phishing scams and ransomware. FTC guides for businesses on data security include the Protecting Personal Information: A Guide for Business, which was updated in November, and the Data Breach Response: A Guide for Business, which outlines steps businesses should follow when they experience a data breach.

One of the FTC’s most recent efforts is its Start with Security initiative, which includes a guide for businesses that summarizes the lessons learned from the FTC’s data security cases, as well as several short videos.  These materials discuss 10 important security topics and give advice about specific security practices for each topic.  As part of this initiative, the FTC hosted events across the country to bring business owners and app developers together with industry experts to discuss practical tips and strategies for implementing effective data security.

The Commission vote approving the testimony and its inclusion in the formal record was 2-0.