FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”

Joseph Lazarrotti of JacksonLewis writes:

On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach notification requirement, despite there currently being no section of the Federal Trade Commission Act or implementing regulation imposing an express, broadly applicable data breach notification requirement. Businesses should nonetheless take this de facto rule into account as part of their incident response plans.

John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
UK: 'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
A business's cyber insurance policy included ransom coverage, but when they needed it, the insurer refused to pay. Why?
Before Their Telegram Channel Was Banned Again, ScatteredLAPSUS$Hunters Dropped Files Doxing Government Employees (2)
Scenes from a "No Kings" Protest, 10-18-25
No Kings. Not Today. Not Ever.

Related: