監管部門為什么懲罰黑客襲擊受害者

????聯邦貿易委員會對大多數消費者數據保護案件的權力來自《聯邦貿易委員會法案》（the F.T.C. Act），但該法并未賦予聯邦貿易委員會對涉事公司征收罰款的權力。相反，聯邦貿易委員會通常會要求涉事公司升級安全系統、經常接受第三方審計機構的安全性審計，并且承諾20年內不再對安全問題做出虛報、誤報。

????為了加大打擊力度，近日聯邦貿易委員會要求國會通過立法賦予它對數據安全案件進行經濟處罰的權力——實際上聯邦貿易委員會對企業的許多其它違法違規行為都有征收罰款的權力。最近提交的一個參議院法案就添加了這樣一個條款。除了聯邦貿易委員會以外，各州總檢察官有時也會因為企業安全措施不到位而對企業進行懲罰。

????聯邦貿易會在數據安全性上的監管對象并不包括銀行，銀行在這個問題上主要受聯邦存款保險公司（Federal Deposit Insurance Corporation）等機構管轄。銀行也經常成為黑客們的目標。比如去年黑客們侵入了花旗集團（Citigroup）的電腦系統，竊取了20多萬名信用卡持有人的信息。

????譯者：樸成奎

????The F.T.C.'s authority for most consumer data protection cases comes from the F.T.C. Act, and does not include the ability to levy financial penalties. Rather, the agency usually requires companies to upgrade their security, undergo regular security audits from a third-party and promise to make no more misrepresentations for 20 years.

????To give it greater teeth, the F.T.C. recently asked Congress for legislation that would allow it to impose financial penalties in data security cases - much like the agency already does for other types of corporate misbehavior. A Senate bill was recently introduced with such a provision. In addition to the F.T.C., the various state attorneys general sometimes punish companies for insufficient security.

????The F.T.C.'s oversight of data security does not include banks, which are instead regulated by the Federal Deposit Insurance Corporation, among others. Hackers frequently target banks, and last year, for instance, gained access to the computer system of Citigroup and stole information from more than 200,000 credit card holders.