How to Protect Consumer Data? Leave it to the Consumer Protection Agency: FTC Rulemaking as a Path to Federal Cybersecurity Regulation

Abstract

In the wake of cases challenging the scope of the Federal Trade Commission’s authority and its role in regulating cybersecurity, this Note considers the centrality of the FTC as a protector of consumer data. It broadly examines the current state of cybersecurity regulation and the need for a uniform national regime to protect consumer data. In considering different methods for realizing such federal oversight, this Note examines legislative and administrative options. Tracing the development of both highlights their shortcomings and reveals a potential solution. In the face of concerning legislative movement and uncertainty surrounding the FTC’s current enforcement philosophy, this Note endorses the employment of the FTC’s rarely used, but highly effective, rulemaking authority as a tool to complement and enhance its adjudicative enforcement.