FTC Releases Data Security Guide for Businesses

Kathleen Rice
Faegre Drinker Biddle & Reath LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The Federal Trade Commission (FTC) has released a guide for businesses with practical tips and advice to help organizations better secure their data. The guide, Start With Security, draws on more than 50 data security enforcement actions by the FTC against various businesses. The FTC notes that, “the specifics of the cases apply just to those businesses, but each action offers compliance nuggets for other companies to consider. Start With Security synthesizes the actions into 10 common-sense lessons that apply to businesses of all sizes and in all sectors.”  

This latest FTC guidance builds on its 2007 brochure, Protecting Personal Information: A Guide for Business, which describes fundamental data security principles. In Start With Security, the FTC encourages organizations to consider data security at the earliest possible stage and to make “reasonable choices based on the nature of their business and the sensitivity of the information involved.”

Companies are urged to learn these 10 lessons:

  • Start with security
  • Control access to data sensibly
  • Require secure passwords and authentication
  • Store sensitive personal information securely and protect it during transmission
  • Segment your network and monitor who’s trying to get in and out
  • Secure remote access to your network
  • Apply sound security practices when developing new products
  • Make sure your service providers implement reasonable security measures
  • Put procedures in place to keep your security current and address vulnerabilities that may arise
  • Secure paper, physical media and devices 

Data security and privacy breaches can impact organizations across all sectors of the economy, potentially compromising personal, employee, health, proprietary and financial information. These incidents may be attributable to something as simple as employee error, or more nefarious motives such as efforts to steal intellectual property or destroy a company’s reputation.

The FTC and other federal and state regulators are actively enforcing compliance in this area. Thus, regardless of the reason for a potential compromise, every organization should take preventive measures and be prepared to respond to and mitigate any harm caused by an incident. Good first steps toward better data security include examining data collection, retention, and sharing policies and practices; providing ongoing training to employees; and developing an effective incident response plan.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Faegre Drinker Biddle & Reath LLP | Attorney Advertising

Written by:

Faegre Drinker Biddle & Reath LLP
Faegre Drinker Biddle & Reath LLP
Contact
more
less

Faegre Drinker Biddle & Reath LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide