Your False Promise Of Cyber-Security Is An FTC Magnet

In the Third Circuit’s landmark decision in FTC v. Wyndham Worldwide Corporation, the court made clear the frequent overlap of “unfairness” and “deception” in cases involving a data-breach. You can’t publish a privacy policy to attract customers and then fail to make good on that promise by skimping on the resources it takes to do it, the court said. Some companies have addressed this dynamic by essentially backing off on the promise side. Virtually any assurance regarding security “is susceptible to scrutiny,” note the authors of this post from Orrick, and that’s why many companies include disclaimers “informing consumers that security measures may change, be unavailable from time to time, or even circumvented by sophisticated actors.” Companies need to make a judgment about how to strike a balance, the authors write: “Any legal benefits that disclaimer language may provide should be weighed against the PR/business impact of being viewed as shifting risk to the consumer.”