Text of Section 5 of the FTC Act

Section 5 of the Federal Trade Commission Act, described in Chapter 1, is the primary law under which the federal government regulates data security. Although the statute does not explicitly mention data security or cybersecurity, the FTC has long interpreted its prohibition on unfair and deceptive trade practices as authority for the Commission to penalize companies for particularly egregious data security practices.

Text of Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45

1. Declaration of unlawfulness; power to prohibit unfair practices; inapplicability to foreign trade
   1. 1. Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.
   2. 2. The Commission is hereby empowered and directed to prevent persons, partnerships, or corporations, except banks, savings and loan institutions described in section 57a(f)(3) of this title, Federal credit unions described in section 57a(f)(4) of this title, common carriers subject to the Acts to regulate commerce, air carriers and foreign air carriers subject to part A of subtitle VII of title 49, and persons, partnerships, or corporations insofar as they are subject to the Packers and Stockyards Act, 1921, as amended [7 U.S.C. 181 et seq.], except as provided in section 406(b) of said Act [7 U.S.C. 227(b)], from using unfair methods of competition in or affecting commerce and unfair or deceptive ...