Companies with personal information should take steps to safeguard their data. Otherwise, that information could fall into the wrong hands, resulting in fraud and other harm. The FTC promotes data security in the private sector through civil law enforcement; education; policy initiatives; and recommendations to Congress to enact legislation in this area. The touchstone of the FTC’s approach to data security is reasonableness: a company’s data security measures must be reasonable in light of the sensitivity and volume of consumer information it holds, the size and complexity of its data operations, and the cost of available tools to improve security and reduce vulnerabilities.
Start with Security
The new Start with Security: A Guide for Business draws on the lessons learned from the FTC’s enforcement actions.