FTC Has The Power To Police Cyber Security

HardOCP News

According to a recent ruling by a U.S. appeals court, the Federal Trade Commission does in fact have the authority to regulate corporate cyber security. Imagine that, holding companies accountable for security breaches that result in the theft of customers' data.

The 3-0 decision by the 3rd U.S. Circuit Court of Appeals in Philadelphia on Monday upheld an April 2014 lower court ruling allowing the case to go forward. The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.
 
It's one of the few government things I've advocated. Someone needs to be held personally responsible for these kinds of data breaches. They can't continue like this and keep skating with an "oops! our bad" and nothing happens.
 
I agree, and having the FTC in the consumer's corner should be a comfort. Unfortunately I have an issue with the reporter's claim that:
Congress has not adopted wide-ranging legislation governing data security, a growing concern after high-profile breaches such as at retailer Target Corp, infidelity website Ashley Madison, and even U.S. government databases.

The Safety Act, passed in 2002 and recently modified, has done the opposite:
http://www.law360.com/articles/435580/safety-act-a-cybersecurity-win-win-for-gov-t-industry
The SAFETY Act offers substantial protections for those technologies that receive designation, or the higher-tiered protection, certification. Under designation, the benefits include limiting jurisdiction to United States federal district court, a limitation on the type of damages that can be sought in such an action, barring both punitive damages and prejudgment interest, and, most importantly, a cap of the seller’s third-party liability at a DHS predetermined limit, which sellers must maintain throughout the period of protection.

If certification is attained, the seller receives all the benefits of designation, however, rather than its liability being subject to a cap, the seller is entitled to the use of the government contractor defense, which may serve to completely immunize the seller from third-party liability.

And the Cybersecurity Information Sharing Act (CISA S. 2588 (113th Congress)), which is not yet law.
https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Act

The main provisions of the bill make it easier for companies to share cyber threat information with the government. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. The bill also provides legal immunity from privacy and antitrust laws to the companies which provide such information.

With respect to privacy, the bill includes provisions for preventing the act of sharing data known to be both personally identifiable and irrelevant to cyber security. Any personal information which does not get removed during the sharing procedure can be used in a variety of ways. These shared cyber threat indicators can be used to prosecute cyber crimes, but may also be used as evidence for crimes involving physical force.

So yes, nothing wide-ranging yet. Just a few little tidbits which insulate business from personal redress through the courts. It would seem that the government intends the FTC to be our one true champion.
 
This is another bullshit example of how our government is grabbing power to subvert the rule of law based on Constitutional standards.

I wonder if they're going to go after the OPM for the hack that affected ~21M people? They certainly aren't going after the Chinese government, who is widely believed to have sponsored the hack.
 