2015 FTC Guidelines for Data Security


Cyber-security breaches and data leaks continue to be matters of serious concern to companies and consumers alike. Verizon reported 3,141 data disclosures in 2015, up from 2,122 in 2014. In 2015, Americans reported 490,220 incidents of identity theft, defined as the use or attempted use of another’s sensitive Personally Identifiable Information (“PII”) to commit fraud.

The FTC relies on the Federal Trade Commission Act, 15 U.S.C. §§ 41 et seq. , for cybersecurity oversight, including the right to bring administrative enforcement actions against companies with unreasonable data security practices. Circuit and district court rulings affirming the Commission’s jurisdiction over cyber-security practices have bolstered this authority. In 2015 the Third Circuit ruled that the FTC Act grants the Commission authority to challenge “unfair” data security practices. The Commission has aggressively exercised this authority and has brought close to sixty enforcement actions to date.

Excerpted from the Texas Bar Journal. See the full article here.

Related Practices

Email Disclaimer