“Reasonable” Security: The FTC Requires It, But What Is “Reasonable” Security?

Poyner Spruill LLP
Contact

The Federal Trade Commission (FTC) has taken more than 25 actions alleging that inadequate information security constituted an unfair trade practice in violation of the FTC Act. In these enforcement actions, the FTC has targeted corporations for failure to implement “reasonable and appropriate security measures” and requires in the subsequent consent orders that the organizations implement a comprehensive written information security program and submit to thirdparty assessments of that program every other year for the duration of the order (usually 20 years).

But what does “reasonable security” really mean? And more important, how do you apply reasonable security measures to your business? Although you can rely to some extent on technology standards and industry best practices, information security law has evolved to a point where case law and FTC enforcement actions are a source of some suggestions.

Please see full publication below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Poyner Spruill LLP
Contact
more
less

Poyner Spruill LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide