Bloomberg BNA Quotes Kottkamp on FTC 2017 Data Security Enforcement
December 9, 2016
Richmond partner Nathan Kottkamp was quoted in a Dec. 7 Bloomberg BNA article about the priority the Federal Trade Commission is expected to retain in 2017 regarding corporate data security.
Kottkamp, whose practice includes healthcare and data security and privacy, likened complying with FTC data security standards under Section 5, to a game whose rules change while it’s being played. He said clear benchmarks for what constitutes reasonable security are needed.
The story notes that businesses large and small have struggled to determine the amount of security they have to provide to convince FTC’s enforcers that their levels of data security and the steps they take to protect personal data are reasonable. Yet setting boundaries remains elusive.
Few companies targeted by the FTC have challenged its enforcement authority. More than 50 have settled enforcement cases. Hotelier Wyndham Worldwide, however, did challenge the FTC’s authority under the unfairness prong of Section 5, but settled after the 3rd Circuit ruled that the agency was not obliged to specify a reasonable data security standard.
Kottkamp also said in the story that the FTC would turn more interest toward the fast-growing “internet of things” (IoT), or data connections between devices such as appliances, and the security concerns they present.
“The commission must think about IoT security — that’s where the economy is going,” Kottkamp said.