We’ve heard concerns, for instance, about the commission’s application of its unfairness authority to bring cases against private companies for lax data security practices. We all agree the consumers should be protected against unreasonable data security practices that put them at risk of identity theft and financial harm, but for some time now, the key element in any unfairness case has been whether or not a practice causes substantial, that is monetary, but not subjective injury to consumers.
In one recent high-profile case, the FTC sought to enforce against a small business on grounds that it failed to implement reasonable security measures to protect the sensitive consumer information on its computer network. The FTC took the extraordinary step of overturning the decision of its own administrative law judge who found, on the basis of the evidence in the case, no monetary harm to the effective consumers. We will continue to monitor developments in this case.