The Korean Communications Commission (KCC) announced, on 21 August 2015, the implementation of a new penalty scheme, which allows companies, that have voluntarily reported a data breach to the KCC, to receive a reduction on the total administrative fine prescribed of up to the 30% (‘the New Reduction Scheme’). The New Reduction Scheme operates in addition to the KCC’s penalty regime, by helping companies to mitigate a fine for a data breach, when they proactively cooperate with the KCC during the investigations.
The court goes on to find that Wyndham had sufficient notice of the requirements of Section 5 under the standard that applies to judicial interpretations of statutes. And it expressly notes that, should the district court decide that the higher standard applies – that is, if the court agrees to apply the general law of data security that the FTC has tried to develop in recent years – the court will need to reevaluate whether the FTC’s rules meet Constitutional muster. That review would be subject to the tougher standard applied to agency interpretations of statutes.
Should this happen – should the FTC convince the district court that its prior cases are relevant – the Third Circuit’s opinion bears ill portents for the Commission.