Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Data security

2016

Journal

Science and Technology Law

Articles 1 - 2 of 2

Full-Text Articles in Law

A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini Jun 2016

A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini

Michigan Law Review

Following a data breach, consumers suffer an increased risk of identity theft because of the exposure of their personal information. Limited protection by data-breach statutes has made it difficult for consumers to seek compensation for these injuries and penalize the companies that fail to protect their information, leading consumers to bring common law claims in court. Yet courts have disagreed about whether an increased risk of identity theft qualifies as an injury-in-fact under Article III standing principles: the Seventh and Ninth Circuits have approved of increased risk standing, while the Third Circuit has rejected it. The Supreme Court has further …


Moving Beyond “Reasonable”: Clarifying The Ftc’S Use Of Its Unfairness Authority In Data Security Enforcement Actions, Timothy E. Deal Apr 2016

Moving Beyond “Reasonable”: Clarifying The Ftc’S Use Of Its Unfairness Authority In Data Security Enforcement Actions, Timothy E. Deal

Fordham Law Review

Data security breaches, which compromise private consumer information, seem to be an ever-increasing threat. To stem this tide, the Federal Trade Commission (FTC) has relied upon its authority to enforce the prohibition against unfair business practices under section 5 of the Federal Trade Commission Act (“section 5”) to hold companies accountable when they fail to employ data security measures that could prevent breaches. Specifically, the FTC brings enforcement actions when it finds that companies have failed to implement “reasonable” data security measures. However, companies and scholars argue that the FTC has not provided adequate notice of which data security practices …