Abstract
The Federal Trade Commission (FTC) plays a large role in the cybersecurity world by enforcing specific statutes, such as HIPPA, COPPA, and FCRA, and, more generally, utilizing its authority under the Federal Trade Commission Act to penalize companies that allow data breaches. Recently, however, businesses have begun to push back, contesting the FTC’s authority to police information security. In FTC v. LabMD, Inc., a company under FTC investigation for an alleged data breach challenged the FTC’s ability to issue an administrative subpoena. LabMD indirectly disputed the FTC’s role in information security and its use of the unfairness category of the FTC Act as a basis of enforcement in data breach cases. The district court ultimately found that the FTC made a plausible case for its authority, but based its holding on the weight of precedent surrounding the FTC’s general use of the FTC Act in information security cases. Thus, the FTC’s reliance on the FTC Act is currently permitted, but could be challenged in the future. LabMD’s challenge of the FTC’s authority was significant however, because there is no legislative or executive action on privacy, so the FTC’s guidance, best practices, and enforcement set the de facto “privacy law.” As the FTC casts an increasingly wider net with or without congressional or executive action on data security, the future of the FTC Act’s scope in this area is uncertain.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
