A prominent antitrust lawyer in Washington. A consumer advocate versed in financial services, particularly student loans. An in-house corporate attorney at Delta Airlines and a U.S. Senate lawyer.
None of the Trump administration’s four nominees to the Federal Trade Commission would arrive at the agency as an expert in cybersecurity, an issue at the top of the agency’s priorities. They will be forced to hit the ground running on the agency’s investigation into Equifax Inc. over a breach last year that compromised the personal information of 145 million people and brought a flood of litigation against the credit reporting agency.
The Equifax hack hung over Wednesday’s U.S. Senate confirmation hearings for the four nominees. While tiptoeing around the Equifax investigation, so as not to “prejudice” or “pre-judge” the matter, the four predicted that data security issues would figure prominently in their FTC tenures.
Joe Simons, the former Paul, Weiss, Rifkind, Wharton & Garrison antitrust partner nominated to lead the FTC, said the agency’s handling of data breaches will likely be the most difficult issue for the agency in coming year. His fellow nominees—including former Delta Air Lines executive Christine Wilson and Sen. John Cornyn’s chief counsel Noah Phillips—agreed with that sentiment.
“They’re becoming much more significant, much more frequent,” Simons said of data breaches. “And I think that’s a real, real, real serious concern for us and we need to pay close attention to it.”
Later, when asked by Sen. Amy Klobuchar, D-Minnesota, about the Equifax breach, Simons said, “I don’t want to prejudge any existing matter except to say in any major issue involving data breaches, I would expect the commission to be all over it, providing the necessary resources and just being very vigorous.”
Klobuchar referenced a letter she recently sent the FTC urging it to broaden its investigation in response to a recent Reuters report that said the Consumer Financial Protection Bureau had pulled back from its own Equifax investigation. The CFPB’s interim chief, White House budget director Mick Mulvaney, denied those reports Tuesday, telling a Senate panel that “there has been no change in the position from the previous leadership of the CFPB regarding Equifax.”
Rohit Chopra, a former student loans ombudsman at the CFPB who was nominated for a Democratic seat on the FTC, said the Equifax breach was just one of several serious issues with the credit reporting industry that have recently come to light. Chopra, now a senior fellow at the Consumer Federation of America, noted recent news reports about credit reporting agencies misidentifying consumers as terrorists and drug traffickers.
Equifax drew criticism not only for the breach itself but the weeks-long delay disclosing it to the public. When asked by Sen. Maria Cantwell, D-Washington, about whether the federal government should set more rigorous breach notification guidelines, Simons said, “That’s something definitely worth looking at.”
“Sometimes you want to make sure you know what the breach is about and fix it before you announce it,” Simons said. “It depends on the facts of the case and whether the breach notification is appropriate sooner or later.”
Chopra said the Equifax breach was a “wakeup call about the patchwork of state laws” for such notifications.
“I am very interested in working with all of you on data breach and data security issues,” Chopra said, “because it is only going to be more frequent.”
A public notification “several weeks after a major breach of personal data does not sound like it’s fast enough,” he added.