Although there is no standard set of measures that a company can implement to guarantee that it will be safe from data breaches – or from regulatory enforcement action should a data breach occur – recent multistate settlements with state Attorneys General (AGs) and the FTC provide valuable insight into what regulators view as reasonable and sufficient data security practices and illustrate practical steps that companies can take to reduce the likelihood of a data breach.
This article focuses on eight common requirements in recent AG and FTC settlements falling into three overall categories: (1) access control; (2) threat awareness; and (3) advanced technical security measures.
Originally published on Cybersecurity Law Report on January 8, 2020.