FTC Issues ‘Stick with Security’ Guidance Emphasizing Data Security Best Practices

Conor Duffy
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

The Acting Director of the FTC’s Bureau of Consumer Protection, Thomas B. Pahl, recently commenced a ‘Stick with Security’ series of blog posts that analyze the data security principles championed by the FTC in its Start with Security guidance. The posts are intended to impart lessons the FTC has learned via investigations and enforcement actions, and to highlight good/bad practices implemented by businesses, since the FTC’s issuance of its Start with Security guidance in June 2015.

In its first three posts (available here, here, and here), the FTC emphasized a number of straightforward best practices that can help businesses mitigate potential penalties in the event of a data security incident, including:

  • Companies should not collect any excess personal or sensitive information beyond that necessary for the company’s legitimate business purposes, and should not retain such information longer than absolutely necessary;
  • Default settings on devices, programs, software, and other items that feature privacy controls should be pre-programmed to higher security settings (thereby establishing enhanced baseline security levels and putting the onus on the user to reduce the security protection);
  • Restrict access to sensitive electronic and physical data through the use of access controls (such as locked file cabinets for physical data, and firewalls or restricted privileges for electronic data), and tailor administrative rights and access to maintain system security;
  • Users and administrators should securely store and protect system passwords, use complex and unique passwords, and guard against system attacks by limiting permissible log-in attempts and/or utilizing multi-factor authentication.

Although the FTC’s guidance in these posts is not new, the Stick with Security series provides simple reminders of basic steps that companies large and small can take to improve their data security and strengthen their standing with the FTC in the event of an investigation. Companies would be well advised to continue monitoring the posts, which are to be released weekly on Fridays until all 10 principles set forth in the Start with Security guidance are covered.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide