mr. vladeck and mr. martinez, the core of the problem is that typically improperly secured information from people holding the data or the criminal networks that are just a step ahead. they figured out -- somebody can be vigilant in what they are doing and somebody figured out a way around the system. what are you seeing? just sloppy corporation side or data holders or is it the other? i know it's probably a combination of both. what do you see the most? >> yes, sir, it is a combination of both. ly go through some of the statistics on the recent study that we did with verizon business. 92% of the attacks were not highly difficult, and 96% of the breaches were avoidable through simple or intermedia controls. i think our panel member haves told you and brought up a lot of recommendations. so it's a lot of times it's that some of the security measures that should be in place just aren't fully implemented. and although we do have criminals that are highly sophisticated and we have seen the amount of attacks

mr. vladeck.ony took more than two weeks to notify the customers, how long does a company need before it notifies the customers, and what is the average time necessary to inform consumer their information may have been breached? >> we share the concern, i think, of everyone in the room that consumers need to be notified as promptly as possible. there are two practical exigencies that delay notifications. one is there's a need that the company patched whatever hole there is in the system before the breach is made public. and second, it sometimes takes the company sometime to understand what information has been accessed and who needs to be notified of the breach. we think this should happen as soon as practical, and in the prior legislation, for example, there was an outer limit set at 60 days. i don't know whether that was the right date or not. i can't answer your question about common practices, data breaches very so much, it's hard to extract the general rule. the smaller the breach, typically

mr. vladeck? >> not much. not very. >> ok. and how valuable do you believe a streamline privacy policy agreement would be when moving forward if we try to set some best practices? >> well, we discuss this in great detail in our privacy report, but with you think privacy policy is at least -- those particularly on smart phones need to be short, clear and concise and they ought to be delivered just when the decision about using the app or sharing information is made. >> and that isn't the truth right now? >> that is not generally the way they're delivered at the moment. >> ok. secondly, and senator kerry was touching on this. i know one of the most popular things in our household is the do-not-call registry a few years ago and now we're looking with senator rockefeller of this idea of do-not-track for mobile phones. what kind of feedback have you received from consumers on the do-not-track? >> we've gotten positive response, not just from consumers who overwhelmingly support a do-not-track feature, but as you may know, both the

mr. chairman. with the committee's permission, what i'd like to do is go to the first panel, and our first panelist today is david vladeck, director of the bureau and your statement is part of the record, your written statement as well as everybody's opening statement if they want to submit those. i ask you to keep your opening remarks to 5 minutes if possible. thank you. >> chairman pryor, chairman rockefeller, i'm david vladeck. i appreciate the opportunity to talk about the issues in the mobile marketplace. the views expressed in the written statement we submitted represent the commission's views. my oral remarks and any response to questions represent my own views. today's hearing could not be more timely for more important. we're seeing explosive growth in the mobile marketplace. robust wireless internet connections and businesses are innovating and consumers are purchasing and using smart phones at extraordinary rates, and there's no wonder why. the phones are powerful, multitasking devices that marriage the desk top computer with the personal, always on, and always with you nature of mobile phones. there's no ques