Amidst mounting pressure to pursue cybersecurity more aggressively, the Federal Trade Commission (“FTC”), the federal government’s most active enforcer in the space, has recently imposed increasingly stringent cybersecurity requirements in its consent orders. Given that FTC consent orders typically carry 20-year terms and a potential fine of $42,530 (which the FTC may contend applies to each consumer subject to a breach), it is vital for companies faced with an FTC cybersecurity investigation to take every possible step to narrow the scope of relief requested by the FTC. Several recent FTC cybersecurity settlements illustrate an emerging pattern: a company that litigates may secure a better deal than it would have received in an initial settlement, if not defeat the action entirely. But when considering whether to settle or litigate with the FTC, companies must still balance the various legal, business, and reputational risks at stake.
Monica A. Svetoslavov
Monica Svetoslavov is an Associate in Orrick’s Washington, D.C., office and is a member of the Complex Litigation & Dispute Resolution group.
Monica focuses on complex commercial litigation, including contract disputes, antitrust matters, cybersecurity class actions, and false claims act issues. She represents both plaintiffs and defendants in state and federal court. She has experience in all stages of litigation, including pre-suit research and investigations, pleadings, discovery, expert and fact witness depositions, dispositive motions, Daubert motions, and pre-trial filings.
Monica also has experience in government enforcement matters, including investigations by the Federal Trade Commission (FTC), state AGs, and local district attorneys. She is also active in pro bono matters. Monica has defended tenants in D.C. Superior Court and currently represents a veteran before the VA in a claim for service-related disability benefits.