
Following an 11th Circuit Court decision that struck down a 2018 Federal Trade Commission (FTC) order as “unenforceably vague,” the FTC has “instructed staff to closely review [their] orders to determine whether they could be strengthened and improved – particularly in the areas of privacy and data security.” Recent enforcement orders show the FTC is now providing clear instructions on what compliance means for data security and privacy practices.
This new approach means companies that handle personal data should examine their technical and organizational data security practices to ensure they can withstand tighter agency scrutiny.
FTC’s recent enforcement orders are quite specific about the data security practices it considers to be reasonable remediation to data security failures. In a recent blog post, the FTC lists three major changes to improve its data security orders.