Data Security

App developers: How does your app size up? Have your built security in from the start? The FTC has a dozen tips to help you develop kick-app security for your product.

Advice for businesses about building and keeping security into products connected to the Internet of Things, including proper authentication and access control, secure data management, and the importance of communicating with users effectively.

Does your business collect, use, or share consumer health information? When it comes to privacy and security, consider the Health Insurance Portability and Accountability Act; the HIPAA Privacy, Security, and Breach Notification Rules; the FTC Act and the FTC’s Health Breach Notification Rule.

Guidance for business on complying with the FTC’s Health Breach Notification Rule. Who’s covered by the Rule and what companies must do if they experience a breach of personal health records.

If you report information about consumers to consumer reporting agencies (CRAs) — like a credit bureau, tenant screening company, or check verification service — you have legal obligations under the Fair Credit Reporting Act's Furnisher Rule.

This guide addresses the steps to take once a breach has occurred. For advice on implementing a plan to protect consumers’ personal information and prevent breaches and unauthorized access, check out the FTC's Protecting Personal Information: A Guide for Business and Start with Security.

Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, then you’ve probably instituted safeguards to protect that information. Your information security plans also should cover the digital copiers your company uses. If the data on your copiers gets into the wrong hands, it could lead to fraud and identity theft.

Once your business is finished with sensitive information derived from consumer reports, what happens to it then? Under the Disposal Rule, your company must take steps to dispose of it securely.

The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. Are you up on what the revised Rule requires?

Under the FTC's Health Breach Notification Rule, companies that have had a security breach must: 1. Notify everyone whose information was breached; 2. In many cases, notify the media; and 3. Notify the FTC.

Under the FTC's Health Breach Notification Rule, companies that have had a security breach must: 1) notify everyone whose information was breached, 2) notify the FTC, and 3) in some cases, notify the media.

Explains how medical identity theft occurs, and how health care providers and insurers can minimize the risk and help their patients if they’re victimized.

When developing a health app, sound privacy and security practices are key to consumer confidence. Here are some best practices to help you build privacy and security into your app. These practices also can help you comply with the FTC Act and other federal laws and regulations.

You’re developing a health app for mobile devices and you want to know which federal laws apply. Check out this interactive tool.

Practical tips for business on creating and implementing a plan for safeguarding personal information.

Ten practical lessons businesses can learn from the FTC's 50+ data security settlements.

The 2017 Stick with Security series on the Bureau of Consumer Protection Business Blog offers additional insights into the ten Start with Security principles, based on the lessons of recent law enforcement actions, closed investigations, and experiences companies have shared about starting with security at their business.