FTC Seeks Broader Cyber-Authority to Impose Civil Penalties
Legal Alerts
12.19.13
In recent years, the Federal Trade Commission (FTC) has increased its cyber-efforts to hold companies accountable for data breaches. On December 12, 2013, FTC Chairwoman Edith Ramirez promoted the idea of a new federal cyber-law that would require companies to notify consumers in the event of a data breach. Ramirez also wants the FTC to have the authority to impose civil penalties on the non-compliant companies.
This indication of greater federal government oversight and enforcement only heightens the already high legal and operational risks imposed on U.S. companies in the area of cybersecurity. According to a recent study, the average cost of cyber-attacks to 60 major U.S. companies equaled $11.5 million in 2013, up 26 percent from 2012.
The FTC’s efforts come on the heels of the Administration’s efforts to promote robust cybersecurity standards. The Cybersecurity Framework, mandated by Executive Order 13636, is scheduled to be released in final, “first-version” form in February 2014 as a voluntary, private-sector-led initiative.
Companies, and general counsel, should review the following on an annual basis to reduce the risk of civil and criminal fines and lawsuits:
- Data breach preparedness and response plans: should include enterprise-wide (including legal) involvement and be up-to-date with federal, state, and international cyber laws
- Supply chain and business partner agreements: should include cyber-provisions, such as indemnification from cyber lawsuits and fines, and audit rights of a business partner’s cyber-strength to ensure the company’s trade secret and consumer data is protected
- Due diligence checklists: should include cybersecurity considerations to be aware of risks that may be inherited through acquisitions
These considerations highlight only a handful of areas that should be reviewed in light of increased cybersecurity oversight, and the associated operational and legal costs and risks.
For more information, please contact the authors of this article, Jonathan Feld at (202) 906-8716 or (312) 627-5680 or jfeld@dykema.com, and Susan Asam at (313) 568-5332 or sasam@dykema.com, any of the lawyers listed to the left, or your Dykema relationship attorney.
As part of our service to you, we regularly compile short reports on new and interesting developments in our business services program. Please recognize that these reports do not constitute legal advice and that we do not attempt t cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments on this newsletter, or any Dykema publication, are always welcome. © 2013 Dykema Gossett PLLC.