FTC gets judicial thumbs-up to sue firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …

COMMENTS

This topic is closed for new posts.
  1. btrower

    It's a stumper

    Hate the notion of the state extending its power even a shred more. On the other hand, we need slap-downs like this to get people to take this stuff seriously. I have *three times* had money swiped due to compromises due to the negligence of financial institutions. One was fixed in a few days, one took a year to get my money back and one is pending me filing a lawsuit to get my money back.

    Companies do this stuff because they offload risk to their customers. Looks like the jig may be up for some of them.

    1. I. Aproveofitspendingonspecificprojects

      When people use US companies

      When people use companies from countries like Britain, Russia and the USA we can only expect security lapses and for them to only work one way. No court in Jersey or New Jersey or Nova Jxrbzsky for that matter is going to take on the NSA or the like.

      What I can't understand is how Google, Facebook and all the rest of them haven't been replaced by now with highly satisfactory user products. But then, with monoliths like Apple controlling economies we are looking at a new form of government and a new form of world peace.

      Maybe that's the reason we haven't had a world war in a while but we have had plenty of genocide and that is entirely to do with mafia style gang wars. Things could start to get really interesting at the top in a few generations. Children from that era will have difficulty appreciating how Microsoft products operated.

      I hope.

      1. Anonymous Coward

        Re: When people use US companies

        What I can't understand is how Google, Facebook and all the rest of them haven't been replaced by now with highly satisfactory user products.

        Nobody else is able to offer services at such a low price point without striking the same data supplier deal with governments, so it is effectively a monopoly. In addition, it must be observed that for all its faults, the Google search engine (what gave them their edge) is still one of the best. I've tried the alternatives, including privacy protecting startpage.com, IxQuick and Duck Duck Go (must try that one again) - they are simply not as good.

    2. Anonymous Coward

      Re: It's a stumper

      we need slap-downs like this to get people to take this stuff seriously

      Yes, but stupidity is not the problem. Sure, you need punishment there, but what this loud announcement seeks to camouflage is that US law enforcement and government agencies can wander in any time and demand the data without any transparency or due process, so congratulations, you now have selective law enforcement.

      I expect a LOT of noise this year with initiatives like that, but the fundamental issue (the one that is busy disabling trade with the EU) is federal laws. I can't see that fixed any time soon.

    3. Dodgy Geezer Silver badge

      Re: It's a stumper

      ..Hate the notion of the state extending its power even a shred more. .

      I agree. However

      the FTC also alleges that Wyndham stored credit card information on its servers in unencrypted plain text...

      is a clear PCI-DSS violation. The state should allow people to sue if basic standards are not met...

    4. Tom 13

      Re: It's a stumper

      There are appropriate ways for the state to extend its power to cover these problems. An executive agency arbitrarily extending its powers is not one of them.

      You want a fix that would work? Let people who've been injured file suit via arbitration or small claims court to get their money back, including attorneys' fees (but no corresponding payment of lawyers' fees to the corporations). And make all those "sign away your rights" contract clauses null and void on their face without need for trial.

  2. RobHib

    What if this extended to Windows?

    Hum, if that ruling/case law ever gets applied to Microsoft/Windows then life will get really interesting.

    Seems to me that consumer legislation, fitness for purpose etc., could apply. The logic goes that if one's OS is easily hacked then by definition it's not 'fit for purpose'.


    1. Ole Juul

      Re: What if this extended to Windows?

      It could extend to a lot of things. Unfortunately the definition of "fit for purpose" usually depends on whether you're on the winning or losing side of the transaction. To many companies, once a product is sold then it has fulfilled its purpose.

      1. Anonymous Coward

        Re: What if this extended to Windows?

        But, by their own logic, their software is never sold, merely licensed non-transferably. Because if their software was actually sold, exhaustion/first-sale doctrine kicks in and they can't prevent a resale of the product that includes the license with it.

        So turn their words against them. Either software is sold, meaning it can be resold legally, or it's not sold and they're on the hook to keep it "fit for purpose."

  3. Dodgy Geezer Silver badge

    ?

    ...and in some cases didn't even know where its servers were physically located...

    So they used the Cloud. Why is this (on its own) an issue?

    1. Kanhef

      Re: ?

      Using a cloud service isn't an excuse for this. Would you be comfortable putting sensitive data on a server in Beijing? If you don't even know where your data is, you have no idea how well it's secured – and it might as well not be.

      1. Tom 13

        @ Kanhef Re: ?

        OK, ok. He left off the Joke Icon.

        This is El Reg. You're supposed to be smarter than that.

  4. John Tserkezis

    Sadly, I don't think it's going to make any difference.

    If past behaviour is anything to go by, by the time anyone finds out the company was led by corrupt management, the monies have been distributed and everything else gutted. When administration moves in, there probably isn't enough money left over to pay for their lunches.

    What's the difference when it comes to companies that are lazy with our data? They're most likely structured to look like they're not making any profit at all, apart from a modest office, there's not much hardware since they've outsourced all that to cloud providers, and it's not the cloud provider's fault, because they only supply the computing power and storage.

    Net result: everyone gets screwed except the ones running the joint, because they've conveniently moved the profits they didn't make, into assets that technically don't belong to them, or into accounts no-one knows about.
