Who establishes and enforces your rights for data security at the places you shop? I used to think it was a matter of negligence law, or maybe contract. Both enforceable through a lawsuit.
Wrong, again, sort of. The FTC has assumed unto itself the responsibility for defending our rights, under its original charter (1914) to protect us from unfair or deceptive trade practices. We can still sue.
“FTC Wins A Round Over Data Security,” Wall Street Journal, April 8, 2014 B1 http://on.wsj.com/1n0hfLV
A Federal judge in New Jersey denied a motion to dismiss from Wyndham Worldwide Corp., alleging the FTC didn’t have the power to regulate Wyndham data security practices.
Maybe it’s a good thing. One more reason for the businesses to be careful with my information. May be cumulative. And the government is not necessarily the best at IT things. We’ll see.