Feds look to partner with states to enforce data privacy laws, cyber breaches
Silas Stein/picture alliance via Getty Images
As cybersecurity threats grow and evolve, the Federal Communications Commission recently announced it would partner with four states to step up efforts to protect consumer privacy by holding bad actors accountable.
The Federal Communications Commission announced last week a first-ever partnership with four states to collaborate on enforcement actions related to consumers’ privacy, data protection and cybersecurity.
The attorneys general of Connecticut, Illinois, New York and Pennsylvania are the first to sign memoranda of understanding with the FCC, pledging to share their expertise and resources and coordinating efforts to conduct investigations to protect consumers.
“Every day millions of people have their personal information and data stolen or misused, or their data is not sufficiently protected,” Pennsylvania Attorney General Michelle Henry said in a statement. “Our formal agreement to pool our resources will better enable investigators to tackle a complicated and constantly evolving issue, giving us an advantage in our mission to hold those who break our laws accountable.”
Under the memorandum, two areas are sketched out for cooperation. One is during investigations, in which the FCC Enforcement Bureau and state officials can work together to request records, talk to witnesses, interview targets of investigations and examine consumer complaints, among other steps. The other is through a fostering of relationships, in which the FCC can offer partner states the expertise of its enforcement staff as well as help make introductions to other federal agencies and authorities that can assist with investigations and prosecutions.
This kind of collaboration has already “obtained measurable results” in combating robocalls, according to the FCC.
Congress tasked the agency through legislation with tackling the scourge of robocalls. The act gave the FCC more authority and also required states to step up and share information with the federal government. Fifty states and territories signed MOUs with the FCC to share information on robocalls with investigators.
One example of success under the cooperation can be found in Ohio. Last year, Attorney General Dave Yost filed a lawsuit against 22 defendants responsible for bombarding U.S. consumers with billions of illegal robocalls regarding fraudulent auto warranty plans. In a separate development supporting Yost’s crackdown, the FCC issued cease and desist letters to some of the same targets in the case. The effort resulted in a $299 million fine a year later by the FCC against these defendants and led to an unprecedented 99% reduction in fraudulent auto warranty robocalls.
Under the new partnership, FCC Chairwoman Jessica Rosenworcel has also created the Privacy and Data Protection Task Force. That task force will coordinate across the agency on rulemaking, enforcement and public awareness campaigns for various threats like data breaches and scams that could lead to consumers’ information being stolen.
“Defending consumer privacy is an all-of-government responsibility and a shared challenge,” Rosenworcel said in a statement.
There is growing precedent for such partnerships. Better coordination between the federal government and states is a hallmark of the $1 billion State and Local Government Cybersecurity Grant Program, which looks to encourage closer collaboration and information sharing, and has boosted the whole-of-government approach to cybersecurity that many experts advocate for.
But the absence of federal action on data privacy has led to a vacuum of legislation that is being rapidly filled by many states, with lawmakers reluctant to wait any longer for Congress to pass comprehensive consumer data privacy protections. State leaders said having the heft of the FCC’s investigators behind them will help with subsequent enforcement action.
“Consumers have a right to know and control how their personal information is used, stored and protected, and companies who violate that trust must be held accountable,” said Connecticut Attorney General William Tong in a statement. “This powerful new partnership between our states and the Federal Communication Commission is a recognition of the growing importance of this critical work.”
The FCC said any state wishing to partner with it on the data privacy and cybersecurity initiative is welcome. “We welcome other state leaders to join us in this effort to ensure we work together to protect consumers and their data,” Rosenworcel said.
NEXT STORY: Want to know if your data are managed responsibly? Here are 15 questions to help you find out