FTC Data Security Enforcement: Analyzing the Past, Present, and Future
Competition Journal
Spring 2016

Associate Crystal Skelton authored the Competition Journal article “FTC Data Security Enforcement: Analyzing The Past, Present, And Future.” In this article, Crystal explains the current legal landscape on data security, the Federal Trade Commission’s legal authority to regulate data security practices, efforts to increase enforcement, and predictions for the future. She notes that, “The general takeaway from FTC’s data security enforcement actions is that a company’s data security practices may be considered ‘reasonable’ by the FTC (even if not perfect, and even within the context of a breach), if the company can demonstrate that it implemented comprehensive policies and access controls designed to protect consumer information; that the potential costs of more robust data security measures would offset any benefit to consumers in the aggregate and to competition; and that it did not misrepresent these practices in statements to consumers.”