Data Security | Federal Trade Commission

Skip to main content

Start with Security is a business education initiative designed to provide companies with practical resources to help them implement effective data security strategies. Start with Security: A Guide for Business draws on the lessons learned from the FTC’s enforcement actions. The 2017 Stick with Security series on the Bureau of Consumer Protection Business Blog offers additional insights into the ten Start with Security principles.

Start with Security

Start with Security is a business education initiative designed to provide companies with practical resources to help them implement effective data security strategies.

The new Start with Security: A Guide for Business draws on the lessons learned from the FTC’s enforcement actions.

Ring, LLC (May 31, 2023 )
Chegg (January 26, 2023 )
Drizly, LLC., In the Matter of (January 10, 2023 )
CafePress, In the Matter of (June 24, 2022 )
Twitter, Inc., U.S. v. (May 25, 2022 )
Ascension Data & Analytics, LLC, In the Matter of (December 22, 2021 )
Support King, LLC (SpyFone.com), In the Matter of (May 3, 2021 )
SkyMed International, Inc., In the Matter of (December 16, 2020 )
Zoom Video Communications, Inc., In the Matter of (November 9, 2020 )
NTT Global Data Centers Americas, Inc., In the Matter of (July 9, 2020 )
Tapplock, Inc., In the Matter of (May 20, 2020 )
InfoTrax Systems, L.C. (November 12, 2019 )
LifeLock, Inc., a corporation (October 8, 2019 )
LightYear Dealer Technologies, LLC, In the Matter of (September 6, 2019 )
LabMD, Inc. v. Federal Trade Commission (August 30, 2019 )
Equifax, Inc. (July 31, 2019 )
James V. Grago, Jr. doing business as ClixSense.com, In the Matter of (July 2, 2019 )
D-Link (July 2, 2019 )
Office Depot, Inc. (March 29, 2019 )
SmartStart Employment Screening, Inc., In the Matter of (November 19, 2018 )

FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users' Cameras (May 31, 2023 )
FTC Proposes Amendments to Strengthen and Modernize the Health Breach Notification Rule (May 18, 2023 )
Ovulation Tracking App Premom Will be Barred from Sharing Health Data for Advertising Under Proposed FTC Order (May 17, 2023 )
FTC Announces Tentative Agenda for May 18 Open Commission Meeting (May 11, 2023 )
FTC to Host Cloud Computing Discussion on May 11 (May 10, 2023 )
FTC to Host Virtual Panel Discussion on Cloud Computing, Extends Comment Deadline (May 4, 2023 )
FTC Proposes Blanket Prohibition Preventing Facebook from Monetizing Youth Data (May 3, 2023 )
FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security (March 22, 2023 )
FTC Launches New Office of Technology to Bolster Agency’s Work (February 17, 2023 )
FTC Finalizes Order with Ed Tech Provider Chegg for Lax Security that Exposed Student Data (January 27, 2023 )
FTC Finalizes Order with Online Alcohol Marketplace for Security Failures that Exposed Personal Data of 2.5 million People (January 10, 2023 )
FTC Announces Tentative Agenda for December 14 Open Commission Meeting (December 7, 2022 )
FTC Extends Deadline by Six Months for Compliance with Some Changes to Financial Data Security Rule (November 15, 2022 )
FTC Brings Action Against Ed Tech Provider Chegg for Careless Security that Exposed Personal Data of Millions of Customers (October 31, 2022 )
FTC to Host Annual PrivacyCon Event Virtually on November 1 (October 31, 2022 )
FTC’s PrivacyCon 2022 Will Feature Research on Commercial Surveillance, Automated Decision Making (October 25, 2022 )
FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers (October 24, 2022 )
FTC Extends Comment Deadline on Commercial Surveillance, Lax Data Security Practices Initiative Exploring Possible Rules (October 14, 2022 )
FTC to Host Forum on September 8 on Commercial Surveillance and Lax Data Security Practices (September 7, 2022 )
FTC Releases Final Agenda for Public Forum on Commercial Surveillance and Lax Data Security Practices (August 29, 2022 )

Out of the mouths of babes? FTC says Amazon kept kids’ Alexa voice data forever – even after parents ordered deletion(May 31, 2023)
Not home alone: FTC says Ring’s lax practices led to disturbing violations of users’ privacy and security(May 31, 2023)
Chatbots, deepfakes, and voice clones: AI deception for sale(March 20, 2023)
Looking back – and looking ahead – at the FTC’s commitment to protecting consumers in the digital marketplace(February 16, 2023)
Health app developers: Updated interactive tool can help you get started on compliance(December 6, 2022)
Compliance deadline for certain revised FTC Safeguards Rule provisions extended to June 2023(November 15, 2022)
How readiness can help protect veteran-owned businesses(November 10, 2022)
Live from your laptop, it’s PrivacyCon(November 1, 2022)
Multiple data breaches suggest ed tech company Chegg didn’t do its homework, alleges FTC(October 31, 2022)
In time for Halloween: Our Top 10 “Nightmare on Main Street” consumer protection horror films(October 25, 2022)
Data security forecast: Drizly with a 100% chance of far-reaching order provisions(October 24, 2022)
FTC forum on commercial surveillance and data security convenes soon(September 7, 2022)
FTC undertakes inquiry into commercial surveillance practices and wants your insights(August 16, 2022)
Amplifying the impact of your research(July 26, 2022)
Topics for FTC PrivacyCon 2022 include commercial surveillance, automated decision-making(June 6, 2022)
Twitter to pay $150 million penalty for allegedly breaking its privacy promises – again(May 23, 2022)
New publication offers guidance on revised FTC Safeguards Rule(May 24, 2022)
Security Beyond Prevention: The Importance of Effective Breach Disclosures(May 20, 2022)
What the pandemic has taught businesses about the collection of health information(April 21, 2022)
Data breach prevention and response: Lessons from the CafePress case(March 15, 2022)

PrivacyCon 2021
July 27, 2021
Data To Go: An FTC Workshop on Data Portability
September 22, 2020
PrivacyCon 2020
July 21, 2020
Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule
July 13, 2020
Green Lights & Red Flags: FTC Rules of the Road for Business
August 15, 2019
PrivacyCon 2019
June 27, 2019
Fighting Consumer Fraud and Identity Theft in Southern California
June 26, 2019
Webinar: Fighting Consumer Fraud and Identity Theft in South Dakota
December 6, 2018
Webinar: Fighting Consumer Fraud and Identity Theft in Oregon
November 29, 2018
Webinar: Fighting Consumer Fraud and Identity Theft in Ohio
November 28, 2018
Fighting Consumer Fraud and Identity Theft in Virginia
September 25, 2018
Fighting Consumer Fraud and Identity Theft in Wisconsin
September 18, 2018
Fighting Consumer Fraud and Identity Theft in North Dakota
August 2, 2018
Fighting Consumer Fraud and Identity Theft in Delaware
June 26, 2018
Fighting Consumer Fraud and Identity Theft in Minnesota
June 21, 2018
Fighting Consumer Fraud and Identity Theft in Nevada
June 6, 2018
Fighting Consumer Fraud and Identity Theft in Arkansas
May 17, 2018
Keeping Your Small Business Safe in the Digital Age
April 30, 2018
Fighting Consumer Fraud and Identity Theft in Hawaii
April 26, 2018
Fighting Consumer Fraud and Identity Theft in Wyoming
April 24, 2018

Remarks of Chair Khan at the May 2023 Open Commission Meeting (May 18, 2023 )
Statement of Commissioner Alvaro M. Bedoya in the Matter of Facebook, Inc. (May 3, 2023 )
Remarks of Chair Lina M. Khan Regarding the Presentation on Data Security at the December 2022 Open Commission Meeting (December 15, 2022 )
Statement of Chair Lina M. Khan Joined by Commissioner Alvaro M. Bedoya In the Matter of Drizly (October 24, 2022 )
Statement of Commissioner Christine S. Wilson Regarding the Combatting Online Harms Through Innovation Report (June 16, 2022 )
Statement of Commissioner Alvaro M. Bedoya Regarding Report to Congress on Combatting Online Harms Through Innovation (June 16, 2022 )
Statement of Commissioner Rebecca Kelly Slaughter Regarding the Commission's Report to Congress: Combatting Online Harms Through Innovation (June 16, 2022 )
Statement of Chair Lina M. Khan Joined by Commissioner Rebecca Kelly Slaughter in the Matter of Twitter, Inc. (May 25, 2022 )
Remarks of Samuel Levine at Cleveland-Marshall College of Law Cybersecurity and Privacy Protection Conference (May 19, 2022 )
Letter from FTC Commissioner Wilson to Senators Cantwell and Wicker re IRS Planned Use of Facial Recognition (January 31, 2022 )
Letter from FTC Commissioner Wilson to Representatives Schakowsky Rodgers and Bilirakis re IRS Planned Use of Facial Recognition (January 31, 2022 )
Letter from FTC Commissioner Wilson to Senator Wyden re IRS Planned Use of Facial Recognition (January 31, 2022 )
Dissenting Statement of Commissioner Rebecca Kelly Slaughter Regarding Ascension Data & Analytics LLC (December 22, 2021 )
Prepared Statement of the Federal Trade Commission: Curbing COVID Cons: Warning Consumers about Pandemic Frauds, Scams, and Swindles (April 27, 2021 )
Prepared Statement of the Federal Trade Commission: The Urgent Need to Fix Section 13(b) of the FTC Act (April 27, 2021 )
Opening Statement Of Acting Chairwoman Rebecca Kelly Slaughter before the United States House Committee on Energy and Commerce Subcommittee on Consumer Protection and Commerce: The Urgent Need To Fix Section 13(B) Of The FTC Act (April 27, 2021 )
Dissenting Statement of Commissioner Rohit Chopra Regarding Final Approval of the Settlement with Zoom Communications, Inc. (February 1, 2021 )
Dissenting Statement of Commissioner Rebecca Kelly Slaughter Regarding Final Approval of the Settlement with Zoom Video Communications, Inc. (February 1, 2021 )
Statement of Commissioner Christine S. Wilson In the Matter of Zoom Video Communications, Inc. (February 1, 2021 )
Dissenting Statement of Commissioner Rohit Chopra Regarding Ascension Data & Analytics [Redacted] (December 14, 2020 )

Combatting Online Harms Through Innovation (June 16, 2022 )
A Look at What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers (October 21, 2021 )
6(b) Orders to File Special Reports to Social Media and Video Streaming Service Providers (December 14, 2020 )
Reports in Response to Senate Appropriations Committee Report 116-111 on the FTC’s Use of Its Authorities and the Resources Used and Needed to Protect Consumer Privacy and Security (June 18, 2020 )
Privacy & Data Security Update for 2019 (February 21, 2020 )
Privacy & Data Security Update for 2018 (March 15, 2019 )
FTC Informational Injury Workshop: BE and BCP Staff Perspective (October 19, 2018 )
Engage, Connect, Protect: The FTC’s Projects and Plans to Foster Small Business Cybersecurity - The Federal Trade Commission Staff Perspective (April 10, 2018 )
Mobile Security Updates: Understanding the Issues (February 28, 2018 )
Do Web Hosts Protect Their Small Business Customers With Secure Hosting And Anti-Phishing Technologies? The Federal Trade Commission Staff Perspective (February 20, 2018 )
Privacy & Data Security Update (2017): An Overview of the Commission’s Enforcement, Policy Initiatives, and Consumer Outreach and Business Guidance in the Areas of Privacy and Data Security: January 2017 – December 2017 (January 18, 2018 )
The Connected Cars Workshop: The Federal Trade Commission Staff Perspective (January 9, 2018 )
Cross-Device Tracking: A Federal Trade Commission Staff Report (January 2017) (January 23, 2017 )
Privacy & Data Security Update (2016) (January 19, 2017 )
The "Sharing" Economy: Issues Facing Platforms, Participants & Regulators: A Federal Trade Commission Staff Report (November 2016) (November 17, 2016 )
Privacy & Data Security Update (2015) (January 25, 2016 )
Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues (FTC Report) (January 6, 2016 )
Privacy & Data Security Update (2014) (January 27, 2015 )
Federal Trade Commission Staff Report On the November 2013 Workshop Entitled The Internet of Things: Privacy and Security in a Connected World (January 27, 2015 )
What's the Deal? A Federal Trade Commission Study on Mobile Shopping Apps (August 2014) (August 1, 2014 )

Mobile Health App Developers: FTC Best Practices (December 7, 2022 )
Mobile Health App Interactive Tool (December 7, 2022 )
FTC Safeguards Rule: What Your Business Needs to Know (May 24, 2022 )
Complying with FTC’s Health Breach Notification Rule (January 21, 2022 )
Health Breach Notification Rule: The Basics for Business (January 21, 2022 )
Data Breach Response: A Guide for Business (February 1, 2021 )
Consumer Reports: What Information Furnishers Need to Know (January 13, 2021 )
Careful Connections: Keeping the Internet of Things Secure (September 29, 2020 )
Stick with Security: A Business Blog Series (October 12, 2017 )
Digital Copier Data Security: A Guide for Businesses (July 1, 2017 )
App Developers: Start with Security (May 17, 2017 )
Small Business Computer Security Basics (April 26, 2017 )
Conceptos básicos sobre seguridad informática para pequeños negocios (April 12, 2017 )
Protecting Personal Information: A Guide for Business (October 14, 2016 )
Start with Security: A Guide for Business (June 30, 2015 )
Comience con seguridad: una guía para negocios (June 30, 2015 )
Buying or selling debts? Steps for keeping data secure (April 7, 2015 )
Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business (May 2, 2013 )
Cómo Proteger la Información Personal: Una Guía para Negocios (November 7, 2011 )
Medical Identity Theft: FAQs for Health Care Providers and Health Plans (January 20, 2011 )

PrivacyCon 2021 (Part 2)

July 29, 2021

PrivacyCon 2021 (Part 1)

July 29, 2021

Data To Go: An FTC Workshop on Data Portability

September 22, 2020

PrivacyCon 2020 (Part 2)

July 21, 2020

PrivacyCon 2020 (Part 1)

July 21, 2020

FTC Workshop to Examine Safeguards Rule (Part 2)

July 13, 2020

FTC Workshop to Examine Safeguards Rule (Part 1)

July 13, 2020

FTC Press Conference on Facebook Settlement

July 24, 2019

FTC Press Conference on Equifax Settlement

July 22, 2019

PrivacyCon 2019 - Part 2

June 27, 2019

PrivacyCon 2019 - Part 1

June 27, 2019

FTC Hearing 12: April 10 Session 2 Remarks by FTC Commissioner Rebecca Kelly Slaughter followed by Panel Discussions on Accountability and Whether the FTC's Toolkit Concerning Consumer Privacy is Adequate

April 10, 2019

FTC Hearing 12: April 10 Session 1 Panel Discussions on the Role of Notice and Choice and the Role of Access, Deletion and Correction in Connection with Consumer Privacy

April 10, 2019

FTC Hearing 12: April 9 Session 2 Remarks by FTC Commissioner Noah Joshua Phillips followed by Panels on Consumer Demand and Expectations for Privacy and Current Approaches to Privacy

April 9, 2019

FTC Hearing 12: April 9 Session 1 Opening Remarks by FTC Chairman Joe Simons followed by Panels on the Goals of Privacy Protection and the Data Risk Spectrum

April 9, 2019

FTC Hearing 9: Dec. 12 Session 1 Data Security Assessments Panel Discussion followed by the Fireside Chat on Emerging Threats with FTC Commissioner Rebecca Kelly Slaughter

December 12, 2018

FTC Hearing 9: Dec. 11 Session 2 Incentives to Invest in Data Security; Session 3 Consumer Demand for Data Security

December 11, 2018

FTC Hearing 9: Dec. 11 Opening Remarks and Session 1 Presentations on Data Breaches

December 11, 2018

FTC Hearing 9: Dec. 12 Session 2 The U.S. Approach to Consumer Data Security followed by FTC Data Security Enforcement

FTC Hearing 6 - Nov. 8 Session 1: Perspectives on Data Policy