PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The FTC Zoom Case: Does the FTC Need a New Approach?

Co-authored by Prof. Woodrow Hartzog It was inevitable. On Monday, Zoom joined an exclusive club of tech companies – Facebook, LinkedIn, Twitter, Microsoft, Google, Uber, Snap, and more. This club involves companies that have been under a Federal Trade Commission (FTC) consent decree. In a weird sense, for tech companies, being enforced against by the FTC […]

Speaking at the FTC Hearing on Data Security on December 12

12/13/18 Update: Here is the video from the session described below. On Wednesday, December 12, 2018, I’ll be speaking at the Data Security hearing, part of the FTC Hearings on Competition and Consumer Protection in the 21st Century.  My panel begins at 1:00 PM: The U.S. Approach to Consumer Data Security Wednesday, December 12, 2018 from […]

Did the LabMD Case Weaken the FTC’s Approach to Data Security?

Federal Trade Commission - Washington, DC

Co-Authored by Prof. Woodrow Hartzog On Wednesday, the U.S. Court of Appeals for the 11th Circuit issued its long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018). While there is some concern that the opinion will undermine the FTC’s power to enforce Section 5 […]

The Future of the FTC on Privacy and Security

Co-authored by Professor Woodrow Hartzog The Federal Trade Commission is the most important federal agency regulating privacy and security. Its actions and guidance play a significant role in setting the privacy agenda for the entire country. With the Trump Administration about to take control, and three of the five Commissioner seats open, including the Chairperson, […]

The 5 Things Every Privacy Lawyer Needs to Know about the FTC: An Interview with Chris Hoofnagle

Privacy and Security Training

The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of […]

The Scope and Potential of FTC Data Protection

FTC Privacy and Security

I am pleased to announce the publication of my article, The Scope and Potential of FTC Data Protection., 83 George Washington Law Review 2230 (2015).  I wrote the article with Professor Woodrow Hartzog. The article addresses  the scope of FTC authority in the areas of privacy and data security (which together we refer to as […]

Start with Security: The FTC’s Data Security Guidance

Recently, the FTC issued a short guide to what organizations can do to protect data security.  It is called Start with Security  (HTML) — a PDF version is here.  This document provides a very clear and straightforward discussion of 10 good information security measures.  It uses examples from FTC cases.

5 Things the FTC Should Do to Improve Data Security in the Wake of Wyndham

Over at Fierce IT Security, Professor Woodrow Hartzog and I have a new essay, 5 Things the FTC Should Do to Improve Data Security in the Wake of Wyndham.  The piece discusses some enforcement strategies we believe the FTC should use to maximize its effectiveness in improving data security.  Our suggestions include: Do more proactive […]

The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp.

by Daniel J. Solove The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015).  The case involves a challenge by Wyndham to an Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham. […]

Should the FTC Kill the Password? The Case for Better Authentication

Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]