Psychics, Russian Roulette, and Data Security: The FTC’s Hidden Data Security Requirements

48 Pages Posted: 23 May 2013

See all articles by Gerard Stegmaier

Gerard Stegmaier

George Mason University, Antonin Scalia Law School, Students/Alumni

Wendell Bartnick

Independent

Date Written: May 9, 2013

Abstract

This essay argues that currently the FTC’s enforcement and guidance practices may pose serious constitutional and practical concerns of providing fair notice of the data-security practices that violate Section 5 of the FTC Act. The FTC has several alternative methods for providing more useful and authoritative guidance to entities. Rulemaking seems to be the most promising to address these concerns, as it allows entities to participate in the regulatory process thereby improving the final rule. Formal adjudications, advisory opinions, and policy statements, though less effective than rulemaking, may also provide some much needed clarity. Improved authoritative interpretations of Section 5 are crucial to improve compliance and provide entities with enough information to perform proper risk management, given the current environment of aggressive enforcement against the victims of data breaches when they have unclear guidance on expected data-security practices.

Keywords: privacy, data security, FTC, Federal Trade Commission, standing, fair notice, unfair practice, data breach, security breach, due process, Section 5, rulemaking

Suggested Citation

Stegmaier, Gerard and Bartnick, Wendell, Psychics, Russian Roulette, and Data Security: The FTC’s Hidden Data Security Requirements (May 9, 2013). George Mason Law Review, Vol. 20, No. 3, pp. 673-720, 2013, Available at SSRN: https://ssrn.com/abstract=2263037

Gerard Stegmaier

George Mason University, Antonin Scalia Law School, Students/Alumni ( email )

3301 Fairfax Drive
Arlington, VA 22201
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
167
Abstract Views
1,381
rank
251,486
PlumX Metrics