skip to main content
logo_fullcolour

Be Vigilant About Your Organization's Cybersecurity or Face FTC Scrutiny

Last month, a federal court ruled that the Federal Trade Commission ("FTC") can sue businesses that fail to provide adequate protections against data breaches.
 
The decision stems from the FTC's lawsuit against Wyndham hotel chain.  The federal agency sued Wyndham after the company suffered three beaches between 2008 and 2012.  Hackers allegedly stole more than 619,000 credit-and-debit card numbers.  The FTC sued to force the company to tighten its security protocols and address any harm suffered by customers.
 
The FTC has established itself as the primary government regulator of cybersecurity.  To date, it has brought more than 50 data security-related cases, alleging unfair and deceptive business practices when a business fails to protect its customers' information.  Until Congress passes a federal data breach statute, businesses can continue to expect the FTC to police data breaches.
 
This case should serve as a warning to businesses.  If you have not developed a cybersecurity plan, you should do so now.  Data breaches are costly, likely several times more than what it may cost to prevent a breach.  In addition to the legal fees from a FTC lawsuit, you can expect to incur the following costs:
*    Notifying Customers: Under state data breach notification laws, you are required to notify any customer who may have had his information compromised.  The more customers you have, the more you will pay in mailing fees.
*    Cybersecurity Consulting: You may have to hire a cybersecurity consult to assess the breach and bolster network security.
*    Legal Fees:  You will have to hire an attorney to assist in responding to the FTC and other lawsuits and ensuring compliance with all applicable statutes.
The Ponemon Institute estimates that the average data breach costs a business $3.8 million.  Accordingly, it makes more financial sense to develop a plan, now, than deal with a breach after it occurs.
 
If you have questions about developing a cybersecurity plan, contact a member of MacDonald Illig's Emerging Technologies Practice Group.
 
Also, if you know of someone who may be interested in receiving these weekly updates, have that person e-mail vmadden@mijb.com to be added to the distribution list.