The Federal Trade Commission (FTC) is seeking comment on potential rules that would penalize companies that suffer data breaches due to lax cybersecurity protocols and punish firms that engage in abusive commercial surveillance practices.
The agency’s advance notice of proposed rulemaking, issued Thursday, explained new rules might be necessary “because recent commission actions, news reporting, and public research suggest that harmful commercial surveillance and lax data security practices may be prevalent and increasingly unavoidable.”
