Cybersecurity, Privacy, & AI


Abracadabra! The FTC Pulls a New Federal Breach Notice Standard out of its Hat


On May 20, 2022, with little fanfare and just five short paragraphs, the Federal Trade Commission announced that businesses must publicly report security incidents to prevent potential harms, even if no other applicable law would compel such notice. Specifically, the FTC opined, failing to disclose a breach to consumers and other affected parties could constitute an unfair or deceptive trade practice under Section 5 of the FTC Act.

Please don’t go looking for an explicit breach notification requirement in the FTC Act. It’s not there. Don’t look for a regulation, either. The only FTC-authored rule requiring notification of a breach applies to a limited audience: vendors of personal health records and (surprise!) health apps, courtesy of the HITECH Act.
