The Federal Trade Commission has asserted primary authority for protecting consumer data in the United States, and has taken an aggressive stance when it comes to enforcement. In many instances, the Commission has brought actions against companies that have, themselves, been the victim of a data breach, concluding that the breach would have been less serious had better security been in place. The consequences are serious – consent orders, fines, and legal fees combine to create a danger of financial insecurity for companies that are the subject of an investigation.
Our approach to the FTC is simple: we are proactive. By developing data security protocols in line with the Commission’s own guidance, we help clients create a system that, as the FTC puts it, “starts with security.” And for those circumstances where an action is commenced, we serve as litigation counsel in enforcements actions.
We also help clients comply with the requirements set by many other agencies and enforcers by providing guidance and counsel on the variety of data security and privacy laws that apply. These include:
- The Office of Civil Rights (OCR) at the Department of Health and Human Services
- The Office of Foreign Asset Control (OFAC) at the Treasury Department
- The Securities Exchange Commission (SEC)
- The Federal Communications Commission (FCC)
- The Consumer Finance Protection Bureau (CFPB)
- The New York Department of Financial Services (NYDFS)
- The law is complicated. Being DataSmart doesn’t have to be.