Congress should enact a national data breach standard as it continues pushing for federal privacy legislation, a Federal Trade Commission official said.
“The best thing we can do for privacy is” pass a national data breach law, FTC Commissioner Noah Phillips said March 14 during a fireside chat at the Brookings Institution.
Multiplicity of laws doesn’t help with privacy compliance, Phillips said.
Congress has felt pressure from the private sector to pass a national privacy law that would preempt 51 varying state and territory standards. Lawmakers from California, which has the nation’s strongest privacy law, say any federal bill shouldn’t weaken state protections. Democrats and Republicans have pushed for a federal privacy law, including data breach notification, in addition to increased FTC rulemaking and enforcement powers.
Phillips said he wants Congress to pass laws to cure privacy harms, but doesn’t think the FTC should have broad rulemaking authority that “gives too much discretion to people like me.”
Rulemaking authority should lie with Congress and focus on issues such as the Health Insurance Portability and Accountability Act (HIPAA) and the Childrens’ Online Privacy Protection Act (COPPA), he said.
The FTC commissioner warned about the anticompetitive effects of broad privacy laws. The European Union’s General Data Protection Regulation has “really expensive” compliance costs that harm smaller companies, Phillips said.