From: JD Supra Business Advisor
Steven Caponi | Blank Rome LLP
On March 7, 2014, U.S. District Judge Esther Salas in New Jersey issued a much anticipated decision rejecting a direct challenge to the Federal Trade Commission’s authority to police corporate cybersecurity practices. Seeking to dismiss an FTC enforcement action, the hotel chain Wyndham Worldwide Corp., which was supported by many prominent business groups, had argued the commission didn’t have the power to regulate corporate data-security practices. While still subject to appellate review and not binding on other federal courts, Judge Salas’ decision paves the way for the FTC to seize the mantel as the top federal enforcement authority in the area of cybersecurity.
It can be argued the growing influence of the FTC in the area of cybersecurity is the result of inaction rather than a deliberate plan to expand the reach of the commission. Despite a clear need, Congress has been unable to pass significant cybersecurity legislation, let alone a comprehensive bill addressing the rising threat posed by cyber attacks. The result of this inaction, lack of clear regulations and absence of a designated enforcement body is a power vacuum, and in Washington such vacuums will eventually be filled. In the case of cybersecurity, it is the FTC that has come forward to fill the void in cybersecurity enforcement.
The FTC has quietly moved to the forefront of the cybersecurity discussion by initiating enforcement actions following cyber attacks. These enforcement actions have resulted in the imposition of tens of millions of dollars in penalties, private settlements and expensive compliance obligations. When private settlements fail, the FTC has initiated litigation to hold corporations accountable for cyber breaches involving customer data. In the absence of cybersecurity legislation or specific grant of authority by Congress, one would be reasonable to question the legal footing upon which the FTC relies to initiate enforcement actions challenging cyber preparedness.
Leave a Reply