FTC Announces a New “Start with Security” Campaign

Mar 6, 2015

Reading Time : 1 min

By: Michelle A. Reed, Anthony T. Pierce, Natasha G. Kohne, David S. Turetsky, Visiting Professor, College of Emergency Preparedness, Homeland Security, and Cybersecurity at the University of Albany

This announcement came at one of the largest worldwide gatherings of privacy professionals, the International Association of Privacy Professionals’ annual global privacy summit in Washington, D.C. The announcement is also a likely response to the growing criticism the FTC has received for charging companies with unfair trade practices for data security breaches and incidents when the FTC has issued little to no guidance as to what constitutes acceptable security practices. Some companies have challenged the FTC’s enforcement jurisdiction in the cybersecurity space, and the 3rd Circuit, during oral argument this week in the FTC v. Wyndham Worldwide Corp. dispute, appeared sympathetic to companies facing enforcement with no detailed standards. LabMD has also challenged the FTC’s jurisdiction, but the 11th Circuit determined that it lacked subject-matter jurisdiction because there was no “final agency decision,” thus forcing LabMD to endure an entire administrative proceeding before addressing the FTC’s authority.

The FTC has brought more than 60 data security actions in the last 10 years, claiming that companies failed to implement reasonable security controls. Many companies argue that such actions are unfair when the FTC has not put companies on notice of the standard by which companies will be judged. FTC Commissioner Maureen Ohlhausen later commented at the conference that she believes federal data security legislation “would be useful for the reiteration of the FTC’s authority to acquire reasonable standards for data.” Some speculate that the standards promulgated by the National Institute of Standards and Technology will eventually become that standard, but, as currently written, the standards are voluntary and not mandatory. In the meantime, the FTC has stepped up its marketing campaign to maintain authority over cybersecurity enforcement.

Share This Insight

Previous Entries

Akin Deal Diary

April 12, 2023

Read More

Akin Deal Diary

2022-12-15

On December 14, 2022, the Securities and Exchange Commission (SEC) adopted amendments regarding Rule 10b5-1 insider trading plans and related disclosures. The amendments aim to strengthen investor protections concerning insider trading and to help shareholders understand when and how insiders are trading in securities for which they may at times have material nonpublic information (MNPI). In light of these amendments, issuers should review and revise, if needed, their insider trading policies and equity grant policies.

Read more.

...

Read More

© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.