NFIB Challenges the Federal Trade Commission’s Ability to Punish Victims of Hacking

Date: May 03, 2013
For Immediate Release
Contact:  Kelly Hoffman 202-314-2054 or

Washington, D.C., May 3, 2013 – The National Federation of Independent Business (NFIB) Small Business Legal Center has filed an amicus brief with the U.S. District Court of New Jersey in Federal Trade Commission (FTC) v. Wyndham Worldwide Corp., et al.  The case challenges the FTC’s pattern of punishing businesses, including many small businesses, that are victims of criminal hacking by using its’ enforcement authority to regulate “unfair” trade practices under Section 5 of the FTC Act.

“The FTC is engaged in Monday Morning quarterbacking by holding businesses to data security standards that the agency develops without legal authority after a breach has occurred,” said Karen Harned, executive director of the NFIB Small Business Legal Center. “The FTC’s current approach to data security is particularly harmful for small businesses, who often are compelled to divert their time and resources on lawyers and litigation, rather than on growing their businesses – and creating jobs.”

Over the course of the past decade, the FTC has been punishing businesses who are hacking victims themselves for allegedly violating non-existent data security standards. FTC maintains that if you are the victim of a cyber-security attack, you must therefore have failed to take reasonable precautions to keep data secure. As a result, a business owner has no way of knowing whether it is compliant until after it’s been hacked and under fire from FTC enforcement officers. Following an investigation, the FTC typically leverages its’ enforcement authority to extract settlements from businesses. These so called “settlements” often give the FTC unchecked authority for the next 20 years to conduct audits and impose penalties on the business.  The FTC’s conduct raises serious due process concerns since it is not supported by any statutory grant of authority from Congress.

NFIB’s amicus brief argues that while small businesses are committed to data security, the FTC’s approach wrongly punishes the businesses who are victims of cyber hacking attacks, without providing companies fair notice of what is expected of them.

Karen Harned, executive director of the NFIB Small Business Legal Center, is available for media inquiries.


The NFIB Small Business Legal Center  is a 501(c)(3) organization created to protect the rights of America’s small business owners by providing advisory material on legal issues and by ensuring that the voice of small business is heard in the nation’s courts. The National Federation of Independent Business is the nation’s leading small business association, with offices in Washington, D.C. and all 50 state capitals.

Subscribe For Free News And Tips

Enter your email to get FREE small business insights. Learn more

Get to know NFIB

NFIB is America's leading small business association, promoting and protecting the right of our members to own, operate and grow their business

Find out more about
NFIB Membership

Or call us today



State Issues

Choose Your State


YEF Foundation Research Center Legal Foundation

Member Benefits