Earlier this week, we noted that the issue of companies leaking or exposing all sorts of private data was nothing new -- and wondered why it wasn't considered negligence. Apparently, that might be changing. The FTC today said that they had fined BJ's Wholesale Club for revealing private data and said very clearly that "inadequate data security can be an unfair business practice." It seems like they might have a lot of fines to give out these days, if the last few months of headlines concerning has been any indication. Of course, while the statement today says this is the "first time" inadequate data protection is being viewed as a potential unfair business practice by the FTC, that's not true. Last year, we wrote about the FTC fining Tower Records over a nearly identical issue. In that case, Tower's computer system had been hacked. Of course, this raises the inevitable question: at what point is the company liable? A determined hacker will find a way to break in to almost any system. Does it always make sense to blame the company for inadequately protecting the data? It seems like the FTC may face a very fine line here. There are some cases where companies are clearly negligent in protecting data, but in cases where the company is hacked, how does anyone determine if the company made a reasonable effort to protect the data or not?
If you liked this post, you may also be interested in...
- Feds To FISC: Of Course We Don't Have To Share Our Full Legal Filings With Companies Suing Us Over NSA Transparency
- Kansas City Cops Tell Man They'll Kill His Dogs And Destroy His Home If Forced To Obtain A Search Warrant
- Most Big Internet Companies Speak Out For Major Surveillance Reform
- Witness In No Fly List Trial, Who Was Blocked From Flying To The Trial, Shows That DOJ Flat Out Lied In Court
- Feds Insist It Must Be Kept Secret Whether Or Not Plaintiff In No Fly List Trial Is Actually On The No Fly List