• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

FTC Chairwoman Reiterates Support for National Data Breach Law with FTC Enforcement Powers

December 16, 2013 By Privacy & Data Security Team

At the National Consumers League Conference on identity theft, held on December 12, 2013 in Washington, D.C., Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez pushed for a federal data breach law featuring the FTC as the “enforcer.” Chairwoman Ramirez engaged in a keynote discussion with former FTC Chairwoman Deborah Platt Majoras and made her position clear that a federal data breach notification law that complements existing state laws would benefit consumers. The keynote can be viewed in its entirety here (the discussion related to a national data breach notification law begins at 21:35).

As it stands, 46 U.S. states, the District of Columbia, and 3 U.S. territories have enacted data breach notification laws requiring that companies notify affected individuals, and in some cases the state Attorney General, of “data breaches” involving “personal information,” as those terms are defined in each statute. In most states or territories, the Attorney General’s office or other regulator may bring civil actions against companies based on those breaches, with some states allowing for private causes of action as well. Chairwoman Ramirez envisions a system where there is “FTC enforcement along with state concurrent jurisdiction to enforce” data breach notification laws. That FTC power would include “civil penalty authority.”

The FTC currently takes action on data breaches by bringing suits against companies under § 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” 15 U.S.C. § 45. Such actions typically allege that a company’s failure to have adequate data security measures in place to protect consumer’s personal information constitutes an “unfair” or “deceptive” trade practice. The FTC’s authority to bring these cases is being challenged in FTC v. Wyndham. (See here for more information on Wyndham). Should the FTC be stripped of its claimed authority under § 5, the FTC will likely re-double its efforts for added enforcement authority under a new federal data breach law.

Written by Louis Dennig, Associate, Privacy & Data Security | Alston & Bird LLP

Filed Under: Cybersecurity, Data Breach, Enforcement, Legislation Tagged With: Federal Trade Commission (FTC), Regulatory Enforcement

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
  • Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
  • Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK
  • UK ICO Publishes New Data Sharing Code
  • SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy