Judge Says FTC Can Sue Over Poor Data Security

, Corporate Counsel


In a case being closely watched by general counsel, a federal judge ruled the Federal Trade Commission has authority to take legal action against companies that have faulty consumer data security.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Continue to Lexis Advance®

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

What's being said

  • Vern

    very nice article.
    Vern Leeroy from Miter Saw Genie

  • not available

    Actually, the FTC issued data security guidance for businesses in 2011 and 2012. The 2011 guidance is a document titled Protecting Personal Information – A Guide for Business. http://goo.gl/zKrnrA The FTC cited that guide in its March 2012 report on Protecting Consumer Privacy in an Era of Rapid Change in the section discussing the obligation of businesses to provide “reasonable” data security for consumer information. http://goo.gl/OkawYw

    For example, 2011 FTC guidance includes the statements:

    Regular email is not a secure method for sending sensitive data. The better practice is to encrypt any transmission that contains information that could be used by fraudsters or identity thieves.

    Encrypt sensitive information that you send to third parties over public networks (like the Internet), and consider encrypting sensitive information that is stored on your computer network or on disks or portable storage devices used by your employees. Consider also encrypting email transmissions within your business if they contain personally identifying information.

    In other words, the FTC has said that businesses should use email encryption in order to provide “reasonable” data security for sensitive consumer data.

Comments are not moderated. To report offensive comments, click here.

Preparing comment abuse report for Article #1202650394926

Thank you!

This article's comments will be reviewed.