FTC Ruling Will Lead to More Cybersecurity Suits, Lawyers Say

September 8, 2015 – In The News
The Legal Intelligencer

Scott L. Vernick was quoted in The Legal Intelligencer article, “FTC Ruling Will Lead to More Cybersecurity Suits, Lawyers Say.” Full text can be found in the September 8, 2015, issue, but a synopsis is below.

According to attorneys, lack of clear regulation and the Federal Trade Commission’s (FTC) newfound power – resulting from a federal appeals court’s decision giving the FTC the authority to enforce cybersecurity matters – could lead to more lawsuits.

The appeals court’s decision in the Wyndham case, in which the court ruled the hotel chain could be held responsible by the FTC for three data breaches, coupled with a lack of solid regulations governing cybersecurity, could mean the FTC will pursue many more companies in cybersecurity matters, said Scott Vernick, a noted privacy attorney.

This could affect the likes of Sony, Ashley Madison, Target and Home Depot, Vernick said, because “aside from the regulations put out by the credit card companies, for a broad swath of companies there are no regulations that you can look up,” on software, data encryption and other areas.

While some industries, such as health care, transportation and the financial sector, have more definitive regulations, Vernick said for most commercial entities, the FTC points to its past enforcement actions as a guideline.

According to Vernick, the FTC has no interest in establishing clear regulations because it has more flexibility to police cybersecurity matters without them.

Click here to view the full article.

This article was also featured in the Pittsburgh Post-Gazette and Delaware Law Weekly.