The Federal Trade Commission (FTC) is the primary federal data security regulator in the US. The FTC has brought numerous data security enforcement actions under Section 5 of the FTC Act for unfair or deceptive trade practices.
The FTC typically enters into consent decree with violating organizations, rather than litigating data breach cases. The FTC may seek redress in the form of civil penalties in some data breach enforcement actions. When recovering a civil penalty, the FTC must file suit in federal court. Generally, the FTC will negotiate the terms of a stipulated judgment with the violating organization prior to filing suit and then concurrently files its civil complaint and stipulated judgment. In recent Consent Decrees, the FTC has negotiated language requiring the violating organization to report any notifiable data breaches and submit compliance reports with specific criteria to the FTC.
In this webinar, you will learn how to use Resilient’s customization features to develop a framework to comply with the data breach notification requirements of an FTC consent decree.