Organizations that have failed to implement “reasonable and appropriate” information security measures sometimes find themselves on the wrong end of a Federal Trade Commission (FTC) allegation of unfair and deceptive trade practice. These enforcement actions have uniformly ended in a settlement that carried significant obligations and continued FTC oversight for as long as 20 years. We earlier reported on the increasing granularity of these actions in “Reasonable” Security: The FTC Requires It, But What is “Reasonable” Security?
In the course of taking these enforcement actions, the FTC has built an increasingly specific body of case law dictating the types of security lapses it deems “unfair” to consumers. A few examples taken from recent actions include...