The FTC’s raison d’etre is the prevention of consumer harm. The FTC Act prohibits unfair or deceptive acts and practices. Both proscriptions are grounded in consumer harm: a material lie harms consumers because by definition a statement is material only if it affects decision-making; and conduct is “unfair” only if it harms consumers more than it benefits them. The importance of this harm requirement cannot be overstated. It provides an objective constraint on the FTC’s enforcement authority. Absent the yardstick of consumer harm, the FTC would be left to import its own subjective judgments of which business practices are too unsavory to survive scrutiny under the FTC Act. Accordingly, FTC actions should be judged by the extent to which they address actual consumer harm.

George Mason University’s James Cooper, “Identity theft, not big data, should be at the top of the FTC’s priority list.”  We couldn’t agree more. Holding a workshop on data security and issuing guidelines that explain how companies are supposed to predict their evolving responsibility to provide better data security would be an excellent start. Because the FTC’s current approach to data security (simply cajoling settlements) isn’t working, as we explained in our amicus brief urging a federal district court to dismiss the FTC’s complaint against Wyndham Hotels, the first company to fight back against the FTC.