Companies concerned about whether they are meeting data security standards acceptable to the Federal Trade Commission have new help. The FTC has been sharing some lessons learned from its data security investigations that were closed without formal enforcement action.
Even though the commission makes public administrative and federal court resolutions of its data security enforcement actions, investigations that are resolved short of such an action have been largely opaque. Sharing information on the nonpublic resolutions process may help companies, and their legal counsel, better understand what the FTC expects in holding companies to a “reasonable data security” standard.
The FTC “Stick with Security” blog initiative builds on its “Start with Security” guidance. The posts use hypothetical examples of security best practices to highlight common themes that have emerged from closed data security investigations.
In the absence of direct data security statutory or regulatory authority, the commission has cited the catch-all prohibition against unfair and deceptive trade practices in Section 5 of the FTC Act to carry out data security compliance actions. Companies under the FTC’s jurisdiction—from internet giants Amazon.com Inc. and Facebook Inc. to smaller businesses such as defunct medical testing company LabMD Inc.—have struggled with what level of data security they must provide to convince the nation’s main data security and privacy enforcement agency that their efforts to protect personal data are reasonable.
LabMD has challenged the FTC’s enforcement standard, and the level of harm required for the FTC to act was “front and center” during federal appeals court oral arguments in June. LabMD argued that the FTC shouldn’t be able to base its action on the mere fact that a company suffers a data breach, but should be required to make a showing of consumer harm.
The commission’s latest blogs have addressed securing remote access to networks; applying sound security practices while developing new products; making sure service providers implement reasonable security measures; putting procedures in place to keep security current and address vulnerabilities that may arise; and securing paper, physical media, and devices.
In earlier blogs, the commission discussed FTC investigations; limiting data collection, retention, and use, and training staff; restricting access to data and administrative access; using secure passwords and authentication measures; storing sensitive personal information securely and encrypting it during transmission; and segmenting and monitoring network traffic.
Although some of the lessons may seem obvious, privacy and security attorneys have told Bloomberg BNA that it is always helpful to get insight into the FTC’s regulatory expectations and what the commission believes is “reasonable data security.”