监管部门为什么惩罚黑客袭击受害者

    联邦贸易委员会对大多数消费者数据保护案件的权力来自《联邦贸易委员会法案》（the F.T.C. Act），但该法并未赋予联邦贸易委员会对涉事公司征收罚款的权力。相反，联邦贸易委员会通常会要求涉事公司升级安全系统、经常接受第三方审计机构的安全性审计，并且承诺20年内不再对安全问题做出虚报、误报。

    为了加大打击力度，近日联邦贸易委员会要求国会通过立法赋予它对数据安全案件进行经济处罚的权力——实际上联邦贸易委员会对企业的许多其它违法违规行为都有征收罚款的权力。最近提交的一个参议院法案就添加了这样一个条款。除了联邦贸易委员会以外，各州总检察官有时也会因为企业安全措施不到位而对企业进行惩罚。

    联邦贸易会在数据安全性上的监管对象并不包括银行，银行在这个问题上主要受联邦存款保险公司（Federal Deposit Insurance Corporation）等机构管辖。银行也经常成为黑客们的目标。比如去年黑客们侵入了花旗集团（Citigroup）的电脑系统，窃取了20多万名信用卡持有人的信息。

    译者：朴成奎

    The F.T.C.'s authority for most consumer data protection cases comes from the F.T.C. Act, and does not include the ability to levy financial penalties. Rather, the agency usually requires companies to upgrade their security, undergo regular security audits from a third-party and promise to make no more misrepresentations for 20 years.

    To give it greater teeth, the F.T.C. recently asked Congress for legislation that would allow it to impose financial penalties in data security cases - much like the agency already does for other types of corporate misbehavior. A Senate bill was recently introduced with such a provision. In addition to the F.T.C., the various state attorneys general sometimes punish companies for insufficient security.

    The F.T.C.'s oversight of data security does not include banks, which are instead regulated by the Federal Deposit Insurance Corporation, among others. Hackers frequently target banks, and last year, for instance, gained access to the computer system of Citigroup and stole information from more than 200,000 credit card holders.