FTC Expects Data Security Precautions

By: Arieanna Schweber | 9/22/2015

The FTC held its first “Start with Security” conference earlier this month, designed to help organizations implement effective data security strategies. This supply on educational resources comes soon after the Third Circuit re-affirmed the FTC’s authority to regulate data security standards of commercial entities. With the FTC’s authority now on firmer ground, it could be that we see the FTC step up more strongly with data security enforcement.

At the “Start with Security” conference, FTC Chairwoman Edith Ramirez was interviewed by Re/code on the FTC’s role in handling data security.

"We’re the chief federal agency that’s charged with protecting consumer privacy. Broadly speaking, we have jurisdiction over the commercial sector. In terms of our enforcement program, we’ve brought a wide range of actions against a wide range of companies.

We’re trying to ensure that companies are making truthful representations about their data practices and their privacy practices. And we’re working to make sure that companies are taking reasonable actions to include security in the earliest stages of product development."

In the interview, Chariwoman Ramirez reminds us all that the FTC ‘expects’ companies to have data security precautions in place, knowing of course that the appropriate level of security across companies will vary.

The FTC recently released a business guide that summarizes compliance lessons learned from the more than 50 data security settlements to-date. Start with Security: A Guide for Business offers actionable data security tips based on real-life security incidents and subsequent law enforcement actions. We discussed the 10 common sense lessons from the guide, and now the FTC is releasing a series of videos to go along with the text guide.

The first video is all about minimizing the data you collect. In an age where data storage costs are going down, and analytics has powered many new uses of data, many organizations have found themselves storing far more information than is needed. By collecting only the data that is needed, and storing it only as long as it has a business need, you can minimize the risk of data exposure.

At Absolute, we want to support your organization with technology solutions to make data protection easy. Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints within a single console. Computers and ultra-portable devices such as netbooks, tablets, and smartphones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced. Learn more here.

Financial Services