A Washington Legal Foundation legal opinion titled “The FTC’s Black-Box Determination of Information’s Sensitivity Imperils First Amendment and Due-Process Rights” and written by Gerry Stegmaier, Wendell Bartnick, and Kelley Chittenden illustrates the troubling fact that although businesses are tasked with implementing “reasonable” data security that hinges, in part, on the sensitivity of information, the Federal Trade Commission (FTC) has never explicitly defined what “sensitive information” actually is. Instead, the FTC deems various categories as sensitive in a patchwork fashion without the benefit of industry or consumer input, leading to serious constitutional and pragmatic policy concerns. Rather than a “we know it when we see it approach,” the legal opinion suggests potential solutions, including formally designating a list of data types and basing sensitivity determinations on factors such as information’s propensity to cause harm, context, public exposure, accuracy, relevance, and currency.
To read the legal opinion, click here.