FTC Announces a New “Start with Security” Campaign

Natasha Kohne, Michelle Reed
Akin Gump Strauss Hauer & Feld LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Yesterday, Federal Trade Commission (FTC) Chairwoman Edith Ramirez and FTC Bureau of Consumer Protection Director Jessica Rich announced that the FTC will begin a “Start with Security” campaign, through which the FTC will give nationwide presentations to corporate groups on specific data security topics and best practices. Ramirez said that “more attention needs to be paid to data security” and that the FTC “want[s] to be more concrete in some of the guidance we’re putting out there.”

This announcement came at one of the largest worldwide gatherings of privacy professionals, the International Association of Privacy Professionals’ annual global privacy summit in Washington, D.C. The announcement is also a likely response to the growing criticism the FTC has received for charging companies with unfair trade practices for data security breaches and incidents when the FTC has issued little to no guidance as to what constitutes acceptable security practices. Some companies have challenged the FTC’s enforcement jurisdiction in the cybersecurity space, and the 3rd Circuit, during oral argument this week in the FTC v. Wyndham Worldwide Corp. dispute, appeared sympathetic to companies facing enforcement with no detailed standards. LabMD has also challenged the FTC’s jurisdiction, but the 11th Circuit determined that it lacked subject-matter jurisdiction because there was no “final agency decision,” thus forcing LabMD to endure an entire administrative proceeding before addressing the FTC’s authority.

The FTC has brought more than 60 data security actions in the last 10 years, claiming that companies failed to implement reasonable security controls. Many companies argue that such actions are unfair when the FTC has not put companies on notice of the standard by which companies will be judged. FTC Commissioner Maureen Ohlhausen later commented at the conference that she believes federal data security legislation “would be useful for the reiteration of the FTC’s authority to acquire reasonable standards for data.” Some speculate that the standards promulgated by the National Institute of Standards and Technology will eventually become that standard, but, as currently written, the standards are voluntary and not mandatory. In the meantime, the FTC has stepped up its marketing campaign to maintain authority over cybersecurity enforcement.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP
Akin Gump Strauss Hauer & Feld LLP
Contact
more
less

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide