Singularity Law

When it rains it pours!

Over the summer I completed another law review article, which will appear in Volume 60, Issue 1 of the Administrative Law Review (Winter 2008), published by American University’s Washington College of Law. The title of the article is “The FTC, the Unfairness Doctrine and Data Security Breach Litigation: Has the Commission Gone Too Far?” The current draft of the article is available here.

The abstract of the article is reprinted below: (More after the jump.)

Abstract:

The Federal Trade Commission has taken the lead in the online privacy arena. It initially promoted self-regulation, but eventually realized that self-regulation was not working. Thereafter it began taking legal action against entities that violated the terms of their own privacy policies as deceptive trade practices. More recently, the Commission began filing complaints under its unfairness doctrine against companies that experienced data security breaches.

This article analyzes these latest cases under the carefully developed requirements of the unfairness doctrine, and argues that these actions were improperly filed. It further argues that the complaints and consent orders in these cases have provided no real guidance as to what a company should do (or not do) to avoid being the target of an unfairness action if it is the victim of a security breach.

The article proposes specific legislation that would give the Commission express authority to take action against companies that experience data security breaches, but only under well-defined regulations developed by the Commission in collaboration with the affected industries and with input from all interested parties.

Data security and the prevention of identity theft are too important to be left to the whim of the FTC or any other government agency. Companies need to know what is expected of them, so that they can implement appropriate technologies and put in place proper procedures to provide an adequate level of protection for sensitive consumer data. Enacting specific legislation, as proposed in this article, would go a long way toward achieving that goal.