The Federal Trade Commission (FTC) was sued this week by Philip Reitinger, a fellow blogger and former Deputy Undersecretary of the Department of Homeland Security. He is now President of VisionSpear LLC, an information security and privacy company.
In November of 2014, Mr. Reitinger sent a FOIA request to the FTC requesting FTC “records describing standards, guidelines, or criteria for what conduct or omission constitutes an unfair act or practice in or affecting commerce authorizing FTC action, and criteria for bringing such an action, under 15 U.S.C. § 45, related to data or cyber security.”
Reitinger alleges in the suit that The FTC “failed to disclose a single record in response to this request.” The FTC alleged that it was unable to provide the documents as they were “deliberative and pre-decisional” or “attorney work-product.” Reitinger is asking the Court to order the FTC to immediately disclose all responsive records, and for declaratory and injunctive relief against the FTC.
The FTC has been on the hot seat in this area for some time, and has been challenged by both Wyndham Worldwide and LabMD for exceeding its authority in enforcing data security practices of companies that have suffered data breaches. This is another challenge to the FTC’s authority that we will be watching closely.