ANALYSIS: The FTC’s Gotten Bolder About ‘Unfair’ Data Security

[view original post]

An analysis of the last five years of the Federal Trade Commission’s data security settlements shows that the regulator has generally become less hesitant to label inadequate data security measures as an unfair business practice. This string of precedents may embolden the agency’s efforts to draft consumer data protection rules in 2022—a change that could affect both compliance and transactional attorneys alike.

The chart below depicts the last five years of FTC-issued consent decrees and their court-issued equivalents—known as stipulated orders—that resulted from a business’s alleged failure to implement adequate data security measures.

These statistics highlight the FTC’s increasingly consistent …