I was surprised to see an announcement from February 28 that U.S. Federal Trade Commission (FTC) Chairman Deborah Platt Majoras is leaving the FTC at the end of March.
Under Majoras' lead, the FTC has been the most aggressive and active with regard to enforcing compliance with the Federal Trade Commission (FTC) Act, the Gramm-Leach-Bliley Act (GLBA), and the many other laws and regulations for which the FTC has responsibility.
I have long hoped that the other regulatory oversight agencies would follow her example with tougher enforcement of the laws for which they are responsible, and also be more pro-active in applying penalties to those organizations with flagrantly egregious non-compliance that resulted in the compromise of patient, customer and/or employee personally identifiable information (PII). It is sad to see her go.
Here are a couple of excerpts from the announcement about her departure:
"Majoras is a tough enforcer and a vigorous proponent of empowering consumers with facts about marketplace risks and frauds and the benefits of a competitive marketplace. She has focused on ensuring data security and protecting consumers from emerging frauds, such as identity theft, spyware, and deceptive spam. Majoras worked with the food and entertainment industries to harness their creative, technical, and financial power to promote healthier eating and exercise habits for children. During her tenure, she focused on increasing the efficiency and transparency of the merger review process, implementing sound antitrust policy regarding intellectual property, increasing efforts to prevent anticompetitive government policies, and strengthening cooperation with consumer and competition agencies around the world."
"Majoras is the recipient of the International Association of Privacy Professionals’ 2007 Privacy Leadership Award and RSA’s 2007 Award for Excellence in the Field of Public Policy. SC Magazine named her one of the Top Five Influential IT Security Thinkers in 2006, and Washingtonian Magazine listed her among the '100 Most Powerful Women in Washington.'"
To contrast the FTC with another oversight agency, the U.S. Department of Health and Human Services (HHS) has yet to apply one fine or penalty for violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule or Security Rule even though they have reportedly received close to 19,000 complaints since the Privacy Rule went into effect on April 14, 2003.
It is too bad Majoras couldn't have gone to the HHS for a few years to get compliance activities going there! Without oversight and compliance enforcement, HIPAA has become a widely misunderstood law, vastly misinterpreted, and largely ignored by the covered entities that are supposed to be following the law, resulting in less protection for PII within health care entities than is necessary and expected.
I hope Majoras' replacement is at least as vigilant in going after organizations that are lax in protecting PII. Time will tell.
- Rebecca Herold's blog
