D-LINK SYSTEMS: POSSIBLE SIGNS FOR THE FUTURE OF FTC DATA SECURITY ENFORCEMENT
by Ronald Cheng and Mallory Jensen1
Enforcement actions by administrative regulators have been increasingly important for understanding the key requirements for data security compliance. In particular, the U.S. Federal Trade Commission (FTC or Commission) has asserted a major role, through its enforcement authority against unfair and deceptive practices under the Federal Trade Commission Act. Recently, as "Internet of Things" (IoT) products, such as security cameras, smart watches, and web-enabled refrigerators have proliferated in the marketplace, FTC enforcement action has adapted to address security issues that arise from the increased flow of data handled by these products.
Part of this trend is the FTC’s civil action for injunctive relief against the Taiwanese IoT manufacturer, D-Link Corporation, and its U.S. subsidiary, D-Link Systems, Inc. (collectively "D-Link").2 D-Link has fought the charges, and trial is pending for early next year in San Francisco federal court. This article describes the FTC’s recent approach to data security enforcement, with examples from the D-Link case to illustrate those enforcement practices.