• Best CPA Networks
  • Best Cost-Per-Sale Affiliate Networks
  • Best Pay-Per-Call Networks
  • mThink Digital
  • Thought Leadership
    • White Papers
  • About
    • Content Marketing
    • Content Strategy
      • Web Content
      • Social Media Strategy
      • Webinars & Video
      • Thought Leadership
    • Performance Marketing
    • Portfolio
      • Revenue Performance
      • Accenture
      • Microsoft
      • Java Detour
      • Our Process
    • Contact Us

mThink

Blue Book Logo

BlueBook Logo

The Trusted Name in Performance Marketing

ROS Leaderboard

  • Home
  • Blue Book
    • About Blue Book
    • Blue Ribbon Panel
    • Interviews
    • Research Methodology
    • Back Issues
    • Advertising
      • Website Creative Specifications
      • Newsletter Creative Specifications
  • Best CPA Networks
  • Best Cost-Per-Sale Affiliate Networks
  • Best Pay-Per-Call Networks
  • Best European CPA Networks
  • Best CPA Networks for Affiliates
  • Best CPA Networks for Advertisers

FTC Defense Lawyer Alert:  FTC Data Security Enforcement Authority Takes a Hit

September 24, 2017 by Richard B. Newman

A District Court in Northern California has recently dismissed multiple “unfairness” claims against a company that manufactures and sells home networking devices on the grounds that the FTC failed to tie alleged data security violations to actual consumer injury.  The ruling potentially weakens the Federal Trade Commission’s position that it is not required to allege actual injury in order to bring an “unfairness” claim.

As alleged by the FTC, the defendant failed to protect its products from “widely known risks of unauthorized access” by not providing “easily preventable” measures against “‘hard-coded’ user credentials and other backdoors,” not maintaining the confidentiality of the private key it used to validate software updates, and not deploying “free software, available since at least 2008, to secure users’ mobile app login credentials.”

According to the Commission, these practices were both deceptive and unfair under Section 5 of the FTC Act.

While a number of the agency’s deception claims were not dismissed because the court held that the FTC had sufficiently alleged that defendant misrepresented the adequacy of security provided, that its routers were secure from unauthorized access and that its IP cameras were safe from unauthorized control, the Commission’s “unfairness” claims were all dismissed.

Recent data security cases have seen arguments, such as: (i) the FTC may not assert authority over general data security practices; (ii) lack of fair notice due to the absence of clear standards for fair data security practices; and (iii) the failure of the Commission to allege that “unfair” practices were ongoing.  They have all failed.

Here, however, the court agreed with the defendant’s argument that the FTC had failed to sufficiently plead that consumers had been injured.  The court explained that the FTC did “not allege any actual consumer injury in the form of a monetary loss or an actual incident where sensitive data was accessed or exposed.”

As per the FTC Act, the Commission cannot deem an act “unfair” unless, without limitation, that act “causes or is likely to cause substantial injury to consumers.”

Although the court granted the defendant’s motion to dismiss some claims, it upheld the FTC’s overall data security enforcement authority under the FTC Act.

The FTC has been granted leave to amend its complaint.  It is anticipated that the Commission will attempt to plead substantial injury by way of representations underlying the deception claims.

A copy of the FTC Complaint and the Order can be seen, here and here.

(FTC v. D-Link Sys., Inc., 2017 BL 330844, N.D. Cal., No. 17-cv-00039, motion to dismiss granted in part 9/19/17).

Takeaway:  It is not enough for the FTC to merely claim that consumer information was put “at risk.”  Wholly conclusory allegations of potential injury will not suffice.  Rather, concrete facts of a single incident where a consumer’s financial, medical or sensitive data has been accessed, exposed or misused are required to be alleged in order to support an “unfairness” claim.

Companies must take extreme care when making data security promises in connection with the sale of their products and offerings.  Contact an FTC defense lawyer if you are interested in implementing preventative compliance measures, or if your company is the subject of a local, state or federal regulatory investigation or enforcement action.

Follow the author on Twitter.

Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.  

ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35thFloor, New York, NY 10005 | (212) 756-8777

Related posts:

  1. FTC Defense Lawyer Alert:  FTC Completely Hip to Partials Subscription-based billing models that fail to lawfully disclose material terms...
  2. FTC Defense Attorney Provides Data Security Investigation Insights The Federal Trade Commission continues to provide insight into ways...

Filed Under: Blue Book, Revenue Tagged With: FTC defense attorney, FTC defense lawyer

Search

ROS Col 2 Top

ROS Col 2 Mid

ROS Col 2 Low

Subscribe to our newsletter!

* indicates required

ROS Col 2 – 4 Misc

ROS Col 2 – 5 Misc

ROS Col 2 – 6 Misc

Recent Posts

  • FTC Reminds Lead Generators Not to Misuse Sensitive Consumer Data
  • Use of Certain Technologies to Track Web Session Data May Violate Law
  • How Financial Marketers Can Boost New Customer Growth on an Affiliate Model
  • Crypto Griftonomics And Influencers In Affiliate Marketing
  • Don’t forget about click-to-call: the most underrated vertical for social media traffic
  • Why The Speed of Relevance Can Help You Win
  • Why Should Marketers Invest In Pay Per Call?
  • CFPB Issues Warning About Contractual Gag Clauses and Consumer Reviews
  • New Blue Book Top 20 CPS Affiliate Network Results
  • FTC Rules With Civil Monetary Penalties for Deceptive Earnings Claims and Targeted Marketing May Be Forthcoming
  • New Blue Book Results: Top 20 CPA Affiliate Networks For 2022
  • FTC Rules With Civil Monetary Penalties for Deceptive Earnings Claims and Targeted Marketing May Be Forthcoming
  • Top 4 Ways To Make Your Call Campaigns More Successful
  • Perform[cb]’s New Mobile App For Partners Is A Game Changer
  • Shaping the Perfect Matchmaker for Content Creators

About mThink

mThink is a specialist digital marketing company based in San Francisco. We focus on media buying, Facebook marketing, direct response, social and mobile. In addition mThink produces the annual Blue Book Rankings of major performance marketing networks. Read More »

Baseboard

Copyright ©2022 · mThink. All rights reserved.
3053 Fillmore Street, Suite 325 | (415) 787-0250
Disclaimer | Privacy Policy