Digital Commons @ University of Georgia School of Law
Abstract
In a world where vast amounts of personal informationare obtained and stored by countless organizations andbusinesses in the public and private sector, data breaches,
due to negligence or nefarious hacking, are a far toocommon occurrence. The results of a data breach can beserious and widespread, from public humiliation toidentity theft and national security crises. In an effort toprotect consumers from the potentially devastating effectsof data breaches, the Federal Trade Commission hasbegun to take enforcement action against businesses whosedata security practices are alleged to be unfair anddeceptive. Theoretically, states can take similar actionsunder their Little FTC Acts or data breach notificationlaws.This Note argues that Georgia\u27s Little FTC Act, theFair Business Practices Act, and data breach notificationlaw, the Georgia PersonalIdentity ProtectionAct, provideinsufficient protection from data breaches for Georgiaconsumers and insufficient recourse for those harmed bybreaches. This Note also proposes several changes inGeorgia\u27s statutory scheme that would incentivizeorganizations to implement stronger data securitymeasures and provide better remedies for injuredconsumers
