Skip to content

No Harm, No Foul? Defining FTC’s Authority Over Data Security

Given the frequency of high-profile breaches, it’s reasonable for companies and consumers to be not only fearful but also realistic about data security.  It’s not a question of if a security lapse will occur, but when.

While the Federal Trade Commission is willing to exercise its prosecutorial authority under Section 5 of the FTC Act in the data security arena, two recent rulings show that the reach of that authority is still far from certain.

This article examines these two recent rulings, which suggest that courts will continue to struggle to define the contours of liability for hackings and data breaches—and that the outcome of these cases is highly dependent on the facts.