Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


FTC pushes to become regulating body of cybersecurity

Introduces legislation to make it the officially enforcement agency

With no overarching regulations or laws governing the cybersecurity practices of organizations, it can often be unclear what consumers should expect from those in possession of their data. Likewise, making sure technologies and policies adhere to the best practices of the industry can be difficult for businesses without experience in cybersecurity.

However in recent years, the Federal Trade Commission (FTC) has stepped up as an enforcement entity, holding corporations accountable when they are negligent with customer information. Now the FTC is hoping to become the official regulatory body for data security.

On Dec. 12, FTC Chairwoman Edith Ramirez requested legislation that would make the FTC’s current practice of policing data breaches one of its official duties. The FTC cites its authority to police trade practices that are “unfair” and “deceptive” to consumers as the basis for doing this, and has said that it only fines companies that repeatedly fail to secure customer information.

"I'd like to see FTC be the enforcer," Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. "If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it's something we've continued to push for."

But, while the FTC has been increasingly willing to fine companies that expose consumers to cyber risk, as mentioned before, there are no truly clear rules or regulations at the federal level for companies to guide their actions.

This became clear in a recent case with Wyndham Worldwide Corp., in which the Hotelier pushed back on FTC fines.

“I'm not disputing that data security is an important issue," said Eugene Assaf, a lawyer for Wyndham said during oral arguments on the FTC suit. "My quarrel is that the FTC is actually not the agency that's supposed to be doing it."

LabMD also recently rebuffed FTC fines.

One thing is clear, regardless of whether or not the FTC becomes that body responsible for cybersecurity oversight; standards are needed to hold businesses accountable if the commission has any hope of effecting actual change in the space.


For more on cybersecurity check out these stories:

Recent DOJ and FTC actions highlight the role of remedies in antitrust matters

Dodd-Frank compliance is a burden for small banks, experts say

European Union adoption of cybersecurity measures delayed

Executive Editor

author image

Chris DiMarco

Chris DiMarco, Executive Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.