Business & Corporate
CYBER CENTER: Cybersecurity as an Unfair Practice: FTC Enforcement under Section 5 of the FTC Act
William R. Denny
In spite of growing concern about cybersecurity, Congress has not yet adopted broad federal legislation. Instead, companies today face a patchwork of laws and regulations pertaining to corporate cybersecurity practices, including 47 states and the District of Columbia, as well as multiple federal agencies. Many federal agencies involved in cybersecurity regulation are industry-specific, focusing, for example, on financial services, health care, insurance, or publicly traded corporations. However, the FTC has taken a broad mandate to extend its oversight over all companies operating in the United States. Since 2002, the FTC has assumed a leading role in policing corporate cybersecurity practices. In that time, it has brought more than 60 cases against companies for unfair or deceptive practices that endanger the personal data of consumers.