Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
'
The Federal Trade Commission (FTC) was sued last month for refusing to turn over information about how the agency decides to bring data security cases.
The Freedom of Information Act suit by Philip Reitinger, a former Department of Homeland Security official who is now president of a cybersecurity company, comes as the FTC'defends its role as data security cop'in two ongoing cases.
'The FTC's data security activity has increased in recent years and is likely to continue to do so,' wrote Reitinger's lawyers, Steptoe & Johnson LLP partners Michael Baratz and Stewart Baker,'in the complaint. 'In light of this increased activity, it is important for the public, including entities subject to the FTC's data and cybersecurity enforcement, to understand the FTC's expectations for data security practices and the reasoning for its actions.'
Baker declined to comment, saying that 'the complaint speaks for itself.' A Federal Trade Commission spokesman did not immediately respond to a request for comment.
Reitinger sued after the FTC refused to share any nonpublic information about its policies for data and cybersecurity enforcement.
Such questions are central in a pending case in the U.S. Court of Appeals for the Third Circuit that'involves Wyndham Hotels and Resorts, and in an ongoing administrative trial against medical testing company LabMD Inc. The FTC sued both companies for alleged data security breaches.
'The FTC has not given notice of what cybersecurity practices are 'unreasonable,' ' wrote Wyndham counsel Eugene Assaf, a partner at Kirkland & Ellis, in a March 27 brief in the Third Circuit. Wyndham says it was the victim of an attack by Russian criminal hackers, and that the FTC is pursuing a 'novel and legally untenable theory that Wyndham committed an 'unfair' trade practice.'
LabMD president and CEO Michael Daugherty said in an email to the NLJ on Thursday that 'If businesses don't know what the law requires they can't comply.'
Daugherty said the FOIA suit 'strikes directly to the heart of the matter in LabMD's battle with the FTC. It must be unconstitutional for a government agency to refuse to disclose what standards and rules apply to a statute.'
The FTC has not proposed any rules laying out data security standards, though it has issued guidance. During oral argument in the Wyndham case, agency lawyers said rulemaking is impossible because cybersecurity is 'one of the fastest changing areas of technology.'
In refusing Reitinger's request for internal documents about data security enforcement, the FTC claimed FOIA exemption 5, asserting that all the material is protected by the 'deliberative-process privilege.' It also said that FOIA Exemption 7(E) applied, alleging that the documents are also law enforcement guidelines, and that their disclosure could 'reasonably be expected to risk circumvention of the law.'
So how is a company supposed to know what data security practices could get it in trouble? In the Wyndham and LabMD litigation, FTC lawyers said companies should look at the more than 50 data security lawsuits the agency has filed.
Those complaints 'are akin to policy statements or interpretive rulings, which, though not binding, 'reflect a body of experience and informed judgment to which courts and litigants may properly resort for guidance,'”the FTC said'in court papers.
Companies that have settled FTC charges for data security lapses include Snapchat Inc., Fandango LLC, HTC America, Twitter Inc. and Rite Aid Corp.
'
'
The Federal Trade Commission (FTC) was sued last month for refusing to turn over information about how the agency decides to bring data security cases.
The Freedom of Information Act suit by Philip Reitinger, a former Department of Homeland Security official who is now president of a cybersecurity company, comes as the FTC'defends its role as data security cop'in two ongoing cases.
'The FTC's data security activity has increased in recent years and is likely to continue to do so,' wrote Reitinger's lawyers,
Baker declined to comment, saying that 'the complaint speaks for itself.' A Federal Trade Commission spokesman did not immediately respond to a request for comment.
Reitinger sued after the FTC refused to share any nonpublic information about its policies for data and cybersecurity enforcement.
Such questions are central in a pending case in the U.S. Court of Appeals for the Third Circuit that'involves Wyndham Hotels and Resorts, and in an ongoing administrative trial against medical testing company LabMD Inc. The FTC sued both companies for alleged data security breaches.
'The FTC has not given notice of what cybersecurity practices are 'unreasonable,' ' wrote Wyndham counsel Eugene Assaf, a partner at
LabMD president and CEO Michael Daugherty said in an email to the NLJ on Thursday that 'If businesses don't know what the law requires they can't comply.'
Daugherty said the FOIA suit 'strikes directly to the heart of the matter in LabMD's battle with the FTC. It must be unconstitutional for a government agency to refuse to disclose what standards and rules apply to a statute.'
The FTC has not proposed any rules laying out data security standards, though it has issued guidance. During oral argument in the Wyndham case, agency lawyers said rulemaking is impossible because cybersecurity is 'one of the fastest changing areas of technology.'
In refusing Reitinger's request for internal documents about data security enforcement, the FTC claimed FOIA exemption 5, asserting that all the material is protected by the 'deliberative-process privilege.' It also said that FOIA Exemption 7(E) applied, alleging that the documents are also law enforcement guidelines, and that their disclosure could 'reasonably be expected to risk circumvention of the law.'
So how is a company supposed to know what data security practices could get it in trouble? In the Wyndham and LabMD litigation, FTC lawyers said companies should look at the more than 50 data security lawsuits the agency has filed.
Those complaints 'are akin to policy statements or interpretive rulings, which, though not binding, 'reflect a body of experience and informed judgment to which courts and litigants may properly resort for guidance,'”the FTC said'in court papers.
Companies that have settled FTC charges for data security lapses include Snapchat Inc., Fandango LLC, HTC America,
'
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.