Section 5 of the Federal Trade Commission Act provides a powerful tool for the federal government to regulate companies’ data-security practices. Rather than adopt specific data-security standards, the FTC often uses Section 5’s flexible and open-ended concepts of unfairness and deception to bring enforcement actions against companies for data-security failures. […]
Consumers and businesses aren’t the only sources of potential privacy and data-security litigation. Today’s post looks at another important source: the Federal Trade Commission and state consumer-protection regulators. In many cases, government enforcers don’t have express authority to sue for “privacy” or “data security” violations. Instead, the FTC often sues based […]
We’ve previously discussed the “overpayment” theory of injury in data-breach litigation. This theory rests on the premise that the price of a product or service includes a payment for data security measures. When a data breach happens, buyers allege they have overpaid for the product or service because the seller […]
Consumers aren’t the only plaintiffs in data-breach litigation. Businesses sue, too. When they do sue, businesses can be strong plaintiffs. This is because, unlike consumers, businesses usually can establish standing, since they’re more likely to have suffered direct financial loses that can be readily identified. This doesn’t mean, however, […]