Court Confirms FTC's Authority

Almost every news cycle has something in it regarding data security. As a business owner, you intuitively know that some of this should be important to you, but with so much out there, it seems an impossible task to sort through it all to see which are the parts that matter to you. Taking it a step further, even if you can figure out what parts should matter, can you turn these omens into simple actions to help you protect your business? If you try to act on every piece of information that comes out, not only will you never get back to those things that actually keep you in business, you won't actually protect yourself.

This is where we can help. The primary purpose of our newsletter/blog is to take the stories that you may see in the news and pull out the pieces that should matter to you and, more importantly, provide simple actions that you can take to either improve your security or reduce your risk.

THE FACTS

A US Court of Appeals ruled today that the FTC does in fact have the authority to regulate data security and privacy for the corporate world. The ruling was part of the case brought by Wyndham Hotels against the FTC, in which Wyndham claimed that the FTC had overreached its authority.

THE ANALYSIS

Any company under the scrutiny of a regulator desperately wants to be somewhere else, particularly if the attention was the result of having done something wrong. The resources of the FTC make it so that the cases that they pursue are egregious and, in many cases, set new guidance for addressing the boundaries of data security. As such, many of the companies that wind up on the other end of an FTC suit feel as though they've been blind-sided. The point that most of these companies have missed is that if they had tried to do the right thing, they probably wouldn't have ended up where they are.

THE APPLICATION

This court ruling not only demonstrates the authority of the FTC, it also lends considerable weight to the previous rulings of the FTC. While these rulings may not be actual law, they are meant to be used to establish legal precedent for other cases. What this means to you, as a business owner, is that in the event that you have a breach, you probably won't have to worry about the FTC, but you almost certainly will have to be on the lookout for lawsuits from many other places.

$188,000: average cost of a small business data breach in the US

197 days: time it takes companies to identify a data breach