The Deadline is Approaching, Your Voice Can Make a Difference in Protecting Privacy

The U.S. Federal Trade Commission (FTC) is looking for public input regarding new cybersecurity regulations. (ISC)² members and trained cybersecurity professionals can provide valuable insight into best practices in protecting people’s privacy.  

The FTC is seeking public comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive. 

On August 22, the Federal Trade Commission (FTC) published its advance notice of proposed rulemaking (ANPR) . This is a request for public comment on commercial surveillance and data security practices. The timing coincides with Congress’ consideration of the American Data Privacy and Protection Act (ADPPA). 

According to the FTC it is “asking the public to weigh in on whether new rules are needed to protect people’s privacy and information in the commercial surveillance economy.” 

Among the topics covered, the ANPR addresses the range of personal data collected by companies, including specific information such as friend networks, menstrual cycles, web browsing and more. It also discusses how that information may be used. Additionally, the ANPR touches on how companies collect, store and manage personal data. The ANPR is a significant step for the U.S. as it paves the way for a review of data legislation similar to how other parts of the world, in particular the U.K. and E.U., have already addressed modernization of data laws and consumer data protection. 

One way our association can give back and help create a safe and secure cyber world is to lend our members’ expertise to help inform effective and intelligent policy. We encourage members with expertise in these areas to submit their thoughts to the FTC on this matter. 

There are more than 90 questions included in the request for comment in 10 categories including Harms to Consumers, Harms to Children, Regulations, Consumer Consent, and Notice, Transparency and Disclosure. Not all questions must be answered in your response and you can select those that pertain to your areas of knowledge.  

Questions related to cybersecurity include:  

• To what extent do commercial surveillance practices or lax security measures harm consumers? 
• To what extent do commercial surveillance practices or lax data security measures harm children, including teenagers? 
• How should the FTC balance costs and benefits? 
• How, if at all, should the FTC regulate harmful commercial surveillance or data security practices that are prevalent? 
• Who should administer notice or disclosure requirements? 
• What should companies provide notice of or disclose? 

The Commissioners submitted statements along with the ANPR expressing their opinions on the subject. FTC Chair Lina M. Khan and Commissioner Rebecca K Slaughter view the ANPR as a form of engagement with a wide range of stakeholders and a resource to policymakers as they consider the ADPPA. Commissioner Christine S. Wilson, however, expressed her apprehension that those in opposition of the ADPPA would use the ANPR to derail federal privacy legislation. 

Commissioner Alvaro M. Bedoya is in support of the ANPR and stated that he does not see this process as a hindrance or reason to delay passage of the ADPPA. Commissioner Noah J. Phillips sees the ANPR as an overreach of FTC authority.  

Comments must be received on or before October 21, 2022. Submit comments online at www.regulations.gov/ . If you prefer to submit comments on paper or would like additional information on the ANPR  that can be found at www.regulations.gov/document/FTC-2022-0053-0001 .