With 2013 dubbed the “Year of the Mega Breach,” it comes as no surprise that the Federal Trade Commission (“FTC”) published “Start with Security: A Guide for Businesses” on June 30, 2015, to educate and inform businesses on protecting their data. The FTC is tasked with protecting consumers from “unfair” and “deceptive” business practices, and with data breaches on the rise, it has come to take that job much more seriously. The lessons in the guide are meant to aid businesses in protecting data, and the FTC cites real examples from its data breach settlement cases to help companies understand each lesson and the real-world consequences that some companies have faced. Here are the lesson headlines:
1. Start with security;
2. Control access to data sensibly;
3. Require secure passwords and authentication;
4. Store sensitive personal information securely and protect it during transmission;
5. Segment networks and monitor anyone trying to get in and out of them;
6. Secure remote network access;
7. Apply sound security practices when developing new products that collect personal information;
8. Ensure that service providers implement reasonable security measures;
9. Implement procedures to help ensure that security practices are current and address vulnerabilities; and
10. Secure paper, physical media and devices that contain personal information.
Katherine McCarron, the Bureau of Consumer Protection attorney, explained that the Bureau “look[s] at a company’s security procedures and determine[s] whether they are reasonable and appropriate in light of all the circumstances” when evaluating an organization’s conduct. It is likely that this guide will become the FTC’s road map for handling future enforcement actions and will help businesses to remain on the safe side of the data breach fence.
Whether you run a mom-and-pop shop or a multimillion-dollar company, this guide is a must-read for any business that processes personal information.