The Director of the FTC’s Bureau of Consumer Protection reflects on how the agency has taken action over the past year to strengthen its orders in data security cases. These orders have been a subject of focus for the FTC: in June 2018, the Eleventh Circuit’s LabMD decision struck down an FTC data security order as unenforceably vague, and the FTC subsequently held a hearing in the course of the FTC’s Hearings on Competition and Consumer Protection in the 21st Century on how it could improve data security orders. The FTC identified three categories of improvements in its orders: (1) more specificity regarding company requirements; (2) increased third-party assessor accountability; and (3) c-suite and board obligations.
