FTC’s “Stick With Security” #2: Control Access to Data Sensibly

Snell & Wilmer

On August 4, 2017, the FTC released its second “Stick with Security” principle, which addressed the next step a company should take after it has identified confidential data in its possession and determined what information it needs to maintain for business purposes. The FTC’s advice is to “put limits in place to control access to data sensibly,” which can be done in two ways:

Restrict Access to Sensitive Data

If employees do not need to use personal information as part of their job, they should not have access to it, physically or electronically. Giving access to sensitive data when it is not necessary can create situations that put highly confidential information at risk. The FTC recommends a few best practices, such as utilizing a locking desk drawer, a “clean desk” policy, and limiting employee access to various databases based on a business need.

Limit Administrative Access

While it is essential for companies to put individual(s) in charge of modifying or changing network settings, a risk materializes if a systems administrator is untrustworthy, or if too many employees have administrative rights (for example, IT staffers have the same login as the receptionist or sales assistant). The FTC advises companies to restrict “backstage passes” to confidential information, i.e., limit access to data to only those who need it.
