New Ruling Challenges FTC Authority to Regulate Cybersecurity Based on “Possible Consumer Harm”

New Ruling Challenges FTC Authority to Regulate Cybersecurity Based on “Possible Consumer Harm”

Jan 07, 2016

Client Alert

Brownstein Client Alert, January 7, 2016

A Nov. 13, 2015 ruling supports the argument that various companies and lawyers have been making for years: the Federal Trade Commission is exceeding its authority in prosecuting cybersecurity breaches under Section 5 of the Federal Trade Commission Act.

In a decision that spans more than 90 pages, Judge D. Michael Chappel, the Chief Administrative Law Judge (“ALJ”) for the Federal Trade Commission (“FTC” or “Commission”), issued his Initial Decision dismissing the FTC’s Complaint against LabMD, Inc. (“LabMD”). In his ruling, the ALJ concluded that showing that there is a mere possibility of consumer harm is insufficient to prove unfairness under Section 5(n) of the FTC Act. This finding is significant for numerous reasons, but chief amongst them is that it was the first cybersecurity ruling of its kind that analyzed the underlying authority that the FTC has been exercising. This decision can also have a significant impact on the FTC’s powers in other consumer protection clauses under sections of the FTC Act.

Click on above pdf to read entire article.

Meet The Team

Richard B. Benenson Shareholder T 303.223.1203 rbenenson@bhfs.com
Jonathan C. Sandler Shareholder T 310.564.8672 jsandler@bhfs.com