Authors: T. Deal
Journal: Fordham Law Review
Publication date: 2016-02-04
Publication type: Journal Article
DOI: https://doi.org/10.2139/SSRN.2727818
Moving Beyond 'Reasonable': Clarifying the FTC's Use of Its Unfairness Authority in Data Security Enforcement Actions
Data security breaches, which compromise private consumer information, seem to be an ever-increasing threat. To stem this tide, the Federal Trade Commission (FTC) has been using its authority to enforce the prohibition against unfair business practices under Section 5 of the Federal Trade Commission Act (Section 5) to hold companies accountable when they fail to employ data security measures that could prevent breaches. Specifically, the FTC brings enforcement actions where it finds that companies have failed to implement “reasonable” data security measures. However, companies and scholars argue that the FTC has not provided adequate notice of what data security practices it considers “reasonable” for the purposes of Section 5. This Note first explains and critically analyzes several existing proposals that seek to bring clarity to the FTC’s application of its unfairness authority in the data security context. Then, this Note proposes a novel solution that encourages the FTC to explicitly outline its minimum data security requirements via nonlegislative rulemaking. Additionally, this Note contends that any FTC rulemaking should incorporate a principle of proportionality to ensure that companies know what data security measures they should implement based on the relative sensitivity of the consumer data that they retain. Lastly, this Note suggests that the FTC should also incorporate a safe harbor provision so that compliant companies know that, by following the FTC’s guidelines, they will be immune from Section 5 enforcement actions.
About the journal:
The Fordham Law Review is a scholarly journal serving the legal profession and the public by discussing current legal issues. Approximately 75 articles, written by students or submitted by outside authors, are published each year. Each volume comprises six books, three each semester, totaling over 3,000 pages. Managed by a board of up to eighteen student editors, the Law Review is a working journal, not merely an honor society. Nevertheless, Law Review membership is considered among the highest scholarly achievements at the Law School.