REGULATION OF COMPANIES’ DATA SECURITY PRACTICES UNDER THE FTC ACT AND CALIFORNIA UNFAIR COMPETITION LAW
By Kathryn F. Russo1
News of data breaches dominates the headlines. Technology is advancing at a dizzying speed. Companies are collecting more sensitive personal information about consumers than ever before while hackers are devising new strategies to access this information.
In the context of this data-driven world, it is no surprise that companies’ data security practices are coming under increasingly strict scrutiny. The Bureau of Justice Statistics estimates that approximately 7 percent of all U.S. residents age 16 or older were victims of identity theft in 2012.2 Both the Federal Trade Commission and the California Attorney General have made it a priority to pursue enforcement actions against companies that do not have reasonable data security practices.