“Reasonable” Security: The FTC Requires It, But What Is “Reasonable” Security?


The Federal Trade Commission (FTC) has taken more than 25 actions alleging that inadequate information security constituted an unfair trade practice in violation of the FTC Act. In these enforcement actions, the FTC has targeted corporations for failure to implement “reasonable and appropriate security measures” and requires in the subsequent consent orders that the organizations implement a comprehensive written information security program and submit to thirdparty assessments of that program every other year for the duration of the order (usually 20 years).

But what does “reasonable security” really mean? And more important, how do you apply reasonable security measures to your business? Although you can rely to some extent on technology standards and industry best practices, information security law has evolved to a point where case law and FTC enforcement actions are a source of some suggestions.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Antitrust & Trade Regulation Updates, Business Organization Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »