Q

What are the effects of the FTC controlling cybersecurity regulations?

The FTC was granted authority over enterprise cybersecurity regulation. Expert Mike Chapple explains what this means for organizations.

In August 2015 the U.S. granted the Federal Trade Commission the authority to regulate enterprise cybersecurity....

What does this mean for organizations that are concerned about cybersecurity regulations?

Actually, not much has changed. The Federal Trade Commission has taken an active role in cybersecurity regulations for over a decade and will continue to do so in the future. In the case of Federal Trade Commission v. Wyndham Worldwide, the Third Circuit Court of Appeals ruled that the FTC has the authority to regulate cybersecurity issues under the FTC Act.

For those who don't know the history, Wyndham Worldwide was sued by the FTC after the hotel company experienced three separate major data breaches over the course of three years. The lawsuit alleged that Wyndham's "data security failures" led to the breaches and allowed attackers to make millions of dollars' worth of fraudulent charges using customers' payment card accounts. Wyndham agreed to settle the case in December 2015.

The Third Circuit Court of Appeals ruling allowed the FTC to use its authority to prohibit unfair or deceptive practices in its legal action against the hotel company, giving the agency some power over cybersecurity regulations. The ruling confirms that the agency's practices comply with the law and bolsters the FTC's argument that cybersecurity is a regulated trade practice.

The bottom line for organizations subject to the authority of the FTC is that they must continue to implement strong cybersecurity controls. Failure to do so may bring them under the regulatory eye, particularly in the wake of a security breach. Generally speaking, this applies only to for-profit businesses, as most nonprofit organizations are not subject to FTC oversight.


This was last published in February 2016


2 comments

Are US institutions of higher ed subject to FTC oversight?

GLBA as well as the Red Flags Rule apply to universities and both of them are overseen by the FTC.