The U.S. Federal Trade Commission should back away from its claim of broad authority to seek sanctions against companies for data breaches when it has no clearly defined data security standards, critics of the agency said Thursday.