Does the U.S. Have a De Facto National DPA?
PRIVACY LAW—U.S.October 16, 2013
Traditional thinking posits that the U.S. does not have a national data protection authority. “But tell that to Google. Or TJX. Or CBR Sytems. Or any of the dozens of other companies that have been pursued by the U.S. Federal Trade Commission (FTC) over the past several years for alleged data security or privacy violations,” writes Steptoe & Johnson Partner Jason Weinstein. In this installment of Privacy Perspectives, Weinstein writes, “The FTC has made itself America’s de facto data protection authority through aggressive use of Section 5 of the FTC Act,” and, thus far, “the FTC is batting a thousand…” Challenges from Wyndham Hotels and LabMD, however, “symbolize the frustration felt by many companies” that believe they have been victimized once by a breach and then again by the FTC.