July 14, 2015

FTC Releases Data Security Guide for Businesses

The Federal Trade Commission (FTC) has released a guide for businesses with practical tips and advice to help organizations better secure their data. The guide, Start With Security, draws on more than 50 data security enforcement actions by the FTC against various businesses. The FTC notes that “the specifics of the cases apply just to those businesses, but each action offers compliance nuggets for other companies to consider. Start With Security synthesizes the actions into 10 common-sense lessons that apply to businesses of all sizes and in all sectors.”

This latest FTC guidance builds on its 2007 brochure, Protecting Personal Information: A Guide for Business, which describes fundamental data security principles. In Start With Security, the FTC encourages organizations to consider data security at the earliest possible stage and to make “reasonable choices based on the nature of their business and the sensitivity of the information involved.”

Companies are urged to learn these 10 lessons:

  • Start with security
  • Control access to data sensibly
  • Require secure passwords and authentication
  • Store sensitive personal information securely and protect it during transmission
  • Segment your network and monitor who’s trying to get in and out
  • Secure remote access to your network
  • Apply sound security practices when developing new products
  • Make sure your service providers implement reasonable security measures
  • Put procedures in place to keep your security current and address vulnerabilities that may arise
  • Secure paper, physical media and devices 

Data security and privacy breaches can impact organizations across all sectors of the economy, potentially compromising personal, employee, health, proprietary and financial information. These incidents may be attributable to something as simple as employee error, or to more nefarious motives such as efforts to steal intellectual property or destroy a company’s reputation.

The FTC and other federal and state regulators are actively enforcing compliance in this area. Thus, regardless of the reason for a potential compromise, every organization should take preventive measures and be prepared to respond to and mitigate any harm caused by an incident. Good first steps toward better data security include examining data collection, retention, and sharing policies and practices; providing ongoing training to employees; and developing an effective incident response plan. 

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
