Cost-Benefit Analysis Needed in Data Security Conversation, Say Panelists, Lawmaker

The House Commerce Committee will increase its focus on data security, cross-border data flows and the Internet Of Things in 2014, said Vice Chairwoman Marsha Blackburn, R-Tenn., at a Technology Policy Institute event Wednesday. Commissioner Maureen Ohlhausen hopes the FTC will look more at data use instead of data collection, she said at the same event.

Blackburn said the government’s own data security failures and the White House’s inability to get traction with its consumer privacy proposal (CD Dec 2 p1) have driven the committee to pursue these issues, as well as to create the House Privacy Working Group, which she co-chairs with Rep. Peter Welch, D-Vt. That pursuit will include the reintroduction of Blackburn’s Secure IT Act (http://1.usa.gov/K3nNeU), a cost-benefit analysis of “the value of data’s use compared to the potential harms of its misuse,” and meetings with the FTC to clarify the data security rules that apply to businesses and government.

But it shouldn’t include legislation that restricts the collection or flow of data, Blackburn said. “The data-driven economy is made in America and it is a major American export.” The government needs to put industry “in the driver’s seat” and keep “government at bay,” she said. Blackburn said self-regulation is “essential” and, “I assure you, the best route to take."

Data use, not data collection, should be the government’s focus, Ohlhausen said. The FTC has done “a pretty good job” of enforcing against privacy violations, but the commission could be “focusing more on the improper use of data than on the collection of that data,” she said. “Consumer harm has its roots in data use and not data collection.” Ohlhausen believes it’s “generally inappropriate” for the FTC to impede data collection.

The free flow of data between the U.S. and EU is also important, as the two governments continue to negotiate the Transatlantic Trade and Investment Partnership (TTIP), said Blackburn. “We would hope that it’s not a trade barrier,” she said. “But we are certainly aware that there is maybe a little bit of jealousy, if you will, with the encouragement to innovate here."

Free services like Google and Facebook are funded through data collection and advertising, said Adam Thierer, a senior research fellow at George Mason University’s Mercatus Center. “There has to be a way those services are funded.” Like Blackburn, he encouraged the use of an economic cost-benefit analysis when it comes to data use. The FTC has gotten away from using this tool in the privacy arena, he said. Too often, Thierer said, the commission ignores its own 1984 policy statement on unfairness that two former FTC officials called “essentially a cost-benefit test.” Instead, the discussion has centered “on the sociology of privacy harm,” Thierer said. Ohlhausen cautioned that the cost-benefit analysis could be an “explicit tool” in some cases” but has to be “more of a concept” in other cases.

In the free market, there are economic incentives for companies to compete on data privacy, Blackburn and Ohlhausen agreed. Commenting on the recent Target data breach, Ohlhausen said: “Although such breaches raise serious concerns there appear to be real market and reputational concerns for companies to get big data right.” Shopping at Target was down and the retailer lowered its Q4 profit forecast in the weeks after the initial announcement, she said. “Privacy is a competitive feature much like price,” Blackburn said.