From: Lawfare
For my money, Paul is probably correct in pointing to some long-run consequences of this week’s FTC v. Wyndham ruling. (Among other things, the decision concluded—quite correctly, in my view—that the Federal Trade Commission may, by dint of the so-called “unfairness” prong of the Federal Trade Commission Act, sue private companies that maintain unsafe cybersecurity practices.) Here’s Paul, yesterday:
• The FTC does not, however, have to define adequate cybersecurity by rule or regulation or guidance — it may provide adequate notice of what the law requires throught its enforcement process. Prior consent decrees will need to be consulted to determine what is required.
• Whatever that standard turns out, in the end, to be it is now a minimum standard that corporate America must follow.
• I predict that the same standard will gradually be imported into other areas where FTC regulation does not extend.
![Share on Facebook Facebook](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/facebook.png)
![Share on Twitter twitter](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/twitter.png)
![Share on Google+ google_plus](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/google_plus.png)
![Share on Reddit reddit](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/reddit.png)
![Pin it with Pinterest pinterest](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/pinterest.png)
![Share on Linkedin linkedin](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/linkedin.png)
![Share by email mail](https://www.thecre.com/fisma/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/mail.png)
Leave a Reply