Protecting Personal Information – with a twist

Want something old and something new, all in one? Check out the FTC’s updated “Protecting Personal Information: A Guide for Business.” It’s the same principles that we’ve relied on for years, but with a new twist. You’ll find the latest tips about technologies that have emerged since we last published the guide. And a fresh look to match the Start with Security business education campaign.

The updated version relies on the same bedrock principles: (1) Take Stock, (2) Scale Down, (3) Lock It, (4) Pitch It and (5) Plan Ahead. And the new twist? Here’s a glimpse of some of the updated advice:

  • If your company is developing a mobile app, “Scale Down” by making sure the app accesses only data and functionality that it needs. And don’t collect and retain personal information unless it’s integral to your product or service.
  • If you’re implementing the principle of “Lock It,” consider using multi-factor authentication, such as requiring the use of a password and a code sent by different methods.
  • If you’re sending information over your wireless network, encrypt it so that nearby attackers can’t eavesdrop. Look for a wireless router that has Wi-Fi Protected Access 2 (WPA2) capability and devices that support WPA2.

Sometimes little things mean a lot too. Instead of referring to CDs, tapes and floppy discs (who uses those anymore?), we’re talking about thumb drives now. Instead of simply saying “Scale Down,” we’re using lingo like the “principle of least privilege” (that means each employee should have access only to those resources needed to do their particular job). And instead of Secure Sockets Layer (SSL) encryption, we’re talking about Transport Layer Security (TLS) encryption these days.

Want more advice on cybersecurity? Check out our Start with Security guide and videos. And for more compliance resources, don’t forget about the Business Center’s Privacy and Security portal.
