The agency has no specific data security rules and operates from a vague statute, critics say
The FTC should back away from authority it says it has under a vague section of law that doesn’t mention data security, said the critics, including Mike Daugherty, CEO of Atlanta diagnostic lab LabMD, which is fighting an FTC complaint.
The agency should instead seek specific authority to enforce data security rules from the U.S. Congress and should define what data security standards it expects from companies, instead of seeking sanctions on a case-by-case basis, said speakers during a discussion on FTC authoritysponsored by TechFreedom, an antiregulation think tank, and Cause of Action, a government watchdog group defending LabMD.
The FTC’s complaint against the small lab wasn’t based on established rules that agency officials could point to, Daugherty said.
The FTC, instead of looking for real consumer harm, seems to be saying, “We’re going to take one victim and going to hold them accountable,” said Gerry Stegmeier, a privacy and data security lawyer.
Find more of the story here.
If you enjoyed reading this article, sign up for my newsletter and follow me on:
The Devil Inside the Beltway can be purchased: