期刊名称:Brooklyn Journal of Corporate, Financial & Commercial Law
印刷版ISSN:1934-2497
出版年度:2016
卷号:11
期号:1
页码:7
出版社:Brooklyn Law School
摘要:Privacy has come to the forefront of the technology world as third party hackers are constantly attacking companies for their customers’ data. With increasing instances of compromised customer information, the Federal Trade Commission (FTC) has been bringing suit against companies for inadequate data security procedures. The FTC’s newfound authority to bring suit regarding cybersecurity breaches, based on the Third Circuit’s decision in FTC v. Wyndham Worldwide Corp., is a result of inaction—Congress has been unable to pass sufficient cybersecurity legislation, causing the FTC to step in and fill the void in regulation. In the absence of congressional action, this self-proclaimed authority is improper. This Note proposes that Congress enact a law giving the FTC actual authority to regulate data breaches. Thereafter, the FTC should use its rulemaking authority to establish procedural data security guidelines for companies to follow; this Note offers procedural guidelines for the FTC to enforce. It is necessary for companies to know how to protect themselves against FTC enforcement actions. As cyber risk is burgeoning, as self-regulation has proven insufficient, and as the FTC is continuously bringing suit against companies for inadequate data security, it is further necessary for companies to obtain stand-alone cyber insurance to protect themselves in the modern marketplace.
关键词:Privacy law; Cybersecurity; Hackers; FTC v. Wyndham Worldwide Corp.; Data breaches; Data security procedures; Self-regulatory organizations (SROs); Financial Trade Commission (FTC); Corporate privacy; Cyber Crime; Section 5 of the Federal Trade Commission Act; Deceptive or unfair business practice; Congressional inaction; Key principles of compliance; Best Practices Guidelines; Cyber risk insurance; Commercial general liability (CGL) insurance; First party cyber loss; Third party cyber liability; Technical policies and procedures; Written information security plan (WISP)
