The Federal Trade Commission (FTC) has applied increasing scrutiny to the issue of cybersecurity, after announcing this spring that a failure to provide accurate and timely notice of a data breach could constitute an unfair or deceptive practice under Section 5 of the FTC Act.
The agency has taken recent enforcement action concerning a company’s purported failure to maintain reasonable cybersecurity and/or timely disclose a data breach, including this week against Drizly and a Drizly executive. Kristin Bryan, a Law360 Cybersecurity and Privacy MVP who handles high-stakes data and security disputes, has been covering this development on CPW. She was interviewed by the Washington Post yesterday on this topic and its broader implications, including whether additional regulation in this space is required.
You can read Kristin’s comments and the Washington Post’s analysis of this issue here: The FTC is doing more to protect data, but to some it’s still not enough.