Blog Posts Tagged with Privacy and Security

If you sell genetic testing kits to consumers, you’re probably familiar with the Genetic Information Nondiscrimination Act (GINA), which prohibits discrimination on the basis of genetic information under some circumstances. You’re also familiar with the Health Insurance Portability and Accountability Act (HIPAA), which protects health information collected by certain types of entities. Then there are laws enforced by the FDA and the Centers for Disease Control and Prevention that pertain to genetic testing kits.

The FTC’s ability to obtain information through subpoenas and civil investigative demands (CIDs) is critical to the task of investigating potential law violations. The FTC uses this authority deliberately and responsibly, avoiding unnecessary burdens on businesses and individuals and consistent with our obligations to enforce the law.

Every year, millions of consumers tell us – and our partners – about the frauds they spotted. In 2018, we heard from 3 million people and learned a lot from the reports entered into our Consumer Sentinel database. Here are some notable facts from the Consumer Sentinel Network’s 2018 Data Book – including that a new category of scams has earned the unenviable right to chant "We’re #1."

Punching a time clock in and out isn’t how small businesses run these days. Employees are on the road, others are working from home, vendors are accessing your data at off hours – and you’re generating ideas 24/7. How do you maintain high security standards when employees and others may need to connect to your network remotely from a variety of devices? When we met with small business owners across the country, that question came up a lot.

As a business person, you know about phishing, of course. At first glance, the email looks like it comes from a recognized company, complete with a familiar logo, slogan, and URL. But it’s really from a cyber crook trying to con consumers out of account numbers, passwords, or cash. In addition to the serious injury these scams inflict on consumers, there’s another victim of phishing: the reputable business whose good name was stolen by the scammer.

Not many small businesses do business these days without the services of third-party vendors, some of whom have access to your company’s sensitive information. Even if you run a tight cybersecurity ship, what happens if your accountant loses a laptop or the payroll company that connects to your network experiences a security breach? Your business could be in jeopardy, of course, but that’s not all.

It’s Day 2 of the data security discussion, presented as part of the FTC Hearings on Competition and Consumer Protection in the 21st Century – and you can watch the webcast live.

When cyber crooks send messages trying to trick people into disclosing passwords or account information, they often mimic a recognizable email address to make it look like it’s coming from a trusted source – for example, from your company. It’s a practice called spoofing and it packs a double wallop. Not only does it put consumers at risk for identity theft, but spoofing can unfairly damage the reputation for trust you’ve worked hard to earn.

Phishing scammers have gotten more sophisticated. They still send out mass emails asking consumers for credit card numbers or bank account information. But they’re also targeting small businesses by imitating the look of messages your employees routinely receive.