Download this Paper Open PDF in Browser

The FTC, the Unfairness Doctrine and Data Security Litigation: Has the Commission Gone Too Far?

68 Pages Posted: 5 Sep 2007  

Michael D. Scott

Southwestern Law School

Date Written: August 21, 2007


The Federal Trade Commission has taken the lead in the online privacy arena. It initially promoted self-regulation, but eventually realized that self-regulation was not working. Thereafter it began taking legal action against entities that violated the terms of their own privacy policies as deceptive trade practices. More recently, the Commission began filing complaints under its unfairness doctrine against companies that experienced data security breaches.

This article analyzes these latest cases under the carefully developed requirements of the unfairness doctrine, and argues that these actions were improperly filed. It further argues that the complaints and consent orders in these cases have provided no real guidance as to what a company should do (or not do) to avoid being the target of an unfairness action if it is the victim of a security breach.

The article proposes specific legislation that would give the Commission express authority to take action against companies that experience data security breaches, but only under well-defined regulations developed by the Commission in collaboration with the affected industries and with input from all interested parties.

Data security and the prevention of identity theft are too important to be left to the whim of the FTC or any other government agency. Companies need to know what is expected of them, so that they can implement appropriate technologies and put in place proper procedures to provide an adequate level of protection for sensitive consumer data. Enacting specific legislation, as proposed in this article, would go a long way toward achieving that goal.

Keywords: FTC, unfairness, data security, breach, identity theft

JEL Classification: K20, K42, L50, L86, O33, O38

Suggested Citation

Scott, Michael D., The FTC, the Unfairness Doctrine and Data Security Litigation: Has the Commission Gone Too Far? (August 21, 2007). Available at SSRN: or

Michael Dennis Scott (Contact Author)

Southwestern Law School ( email )

3050 Wilshire Blvd.
Los Angeles, CA 90010
United States

Paper statistics

Abstract Views