The Rise of Prescriptive Technical Safeguards in FTC Settlements

This resource provides an examination of how U.S. Federal Trade Commission (FTC) enforcement has evolved from broad “reasonable security” expectations to increasingly specific, prescriptive technical requirements in settlement orders. The paper traces this shift back to the watershed LabMD decision in 2018, which pushed the FTC to articulate more concrete standards when mandating data‑security improvements.

It highlights how recent settlements now incorporate explicit technical safeguards, such as mandatory multi‑factor authentication, enhanced access controls, and other defined security measures, reflecting the Commission’s growing emphasis on enforceability and measurable compliance. The paper also explores why certain technologies are being singled out, how these choices align with FTC guidance, and what this trend means for organizations that have not yet faced enforcement but may wish to adopt these safeguards proactively.