FTC's Guidance On Incident Response

The Federal Trade Commission has been a governmental agency struggling to stake a claim as a cybersecurity regulator. Clients often ask, what does the FTC have to do with cybersecurity? The short answer is that the FTC asserts its authority under the "unfair practices" prong of the FTC Act.

Aside from the numerous settlements and consent orders that the FTC has obtained, there are a couple of notable cases where the FTC has been very successful in challenging business practices: 1) FEDERAL TRADE COMMISSION v. WYNDHAM WORLDWIDE CORPORATION, and 2) FEDERAL TRADE COMMISSION v. LABMD, INC.

To further assert its authority in the area of cybersecurity law, the FTC has recently released guidance on incident response, found HERE.

Here is the high-level outline of the guide:

  1. Secure Your Operations (which includes consulting legal counsel)

  2. Fix Vulnerabilities

  3. Notify Appropriate Parties (a Model Letter is included)

If a company experiences a data breach of customer information from computer hackers, then it can expect to be subsequently attacked by its own customers...
