ThreatMetrix Takes a Stand: FTC Should Consider Revising Consumer Privacy Legislation to Exclude Cyber Security
Posted February 14, 2011
In Response to the Proposed FTC Legislation Initiated in Effort to Protect Consumer Privacy, ThreatMetrix Outlines Potential Consequences Related to Company Efforts to Protect Themselves and Consumers Against Online Fraudsters
Los Altos, CA – February 15, 2011 – ThreatMetrix™, the fastest growing cloud-based provider of fraud prevention solutions that do not require personally identifiable information (PII), has voiced a response to the proposed FTC legislation that addresses behavioral advertising.
While the Preliminary Report does in fact recognize the unique role of data collection for fraud detection, noting that it is a commonly accepted practice, ThreatMetrix suggests that companies engaged in cyber security should be excluded from the Framework proposed by the FTC.
“The importance of cyber security, and the nature of the data collected, requires that it be treated differently than the treatment accorded consumer data collected for behavioral advertising purposes,” said Reed Taussig, president and CEO, ThreatMetrix.
ThreatMetrix cites four reasons why such companies should not be covered under this Framework:
• Data is typically not sensitive consumer information: Aside from personally identifying electronic mail addresses, much of the data used in cyber security is typically not, in and of itself, sensitive consumer data.
• Fraud detection is a “commonly accepted practice”: The Preliminary Report recognizes that fraud detection is part of “commonly accepted practices” for which consent is not required, recognizing the less sensitive nature of such information, and the importance of cyber security, from a consumer protection standpoint.
• Disclosure of data may make electronic commerce less secure: Detailed disclosure of data use and collection for security purposes may make electronic commerce less secure and thereby reduce consumer welfare.
• Propositions in the Framework could hamper cyber security: Because the FTC, as part of the Framework, is suggesting that companies incorporate data security practices into their operations, security companies should not be hampered by the need to provide detailed disclosure concerning their data use and collection practice. The FTC’s record in security-related prosecutions is testament to the need to create regulations that encourage, rather than hamper, cyber security.
“Ultimately, companies need to increase the transparency of their data practices,” said Taussig. “This involves improved privacy notices, reasonable access to consumer data as well as some material changes.”
Given the complexity of the issues raised in the Preliminary Report, at the request of several organizations the FTC extended public commentary from January 31 to February 18.
For more information about ThreatMetrix’s viewpoint, visit:
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.
Lauren Eichmann for ThreatMetrix
Walker Sands Communications