Coincident to the beginning of Congress’s annual August recess, the FTC announced that it will soon launch the data privacy rule-making process to “crack down on harmful commercial surveillance and lax data security.” Though the FTC has previously gone after companies for insufficient data security practices, this announcement signifies that the Commission intends to take a major step to regulate data privacy and security matters at the federal level.

Though all five Commissioners have stated they would prefer Congress regulate these issues, they appear to share the widespread sentiment among state lawmakers that – because Congress didn’t pass the most recent bill introduced to create a federal privacy law, the American Data Privacy and Protection Act, before its summer recess – a federal privacy law may still be several years away.