Psychics, Russian Roulette, and Data Security: The FTC’s Hidden Data Security Requirements
48 Pages. Posted: 23 May 2013
Date Written: May 9, 2013
This essay argues that the FTC’s current enforcement and guidance practices may raise serious constitutional and practical concerns about whether entities receive fair notice of the data-security practices that violate Section 5 of the FTC Act. The FTC has several alternative methods for providing more useful and authoritative guidance to entities. Rulemaking seems to be the most promising way to address these concerns, as it allows entities to participate in the regulatory process, thereby improving the final rule. Formal adjudications, advisory opinions, and policy statements, though less effective than rulemaking, may also provide some much-needed clarity. Improved authoritative interpretations of Section 5 are crucial to improve compliance and to give entities enough information to perform proper risk management, given the current environment of aggressive enforcement against the victims of data breaches when they have unclear guidance on expected data-security practices.
Keywords: privacy, data security, FTC, Federal Trade Commission, standing, fair notice, unfair practice, data breach, security breach, due process, Section 5, rulemaking