Keep a watchful eye on your service providers. For conscientious companies, that’s Privacy & Data Security 101. It’s also a key compliance tip from the FTC’s proposed settlement with mobile device manufacturer BLU.
Blog Posts Tagged with Data Security
Last year, we heard from small business owners about their cybersecurity challenges at a series of roundtable discussions the FTC hosted with some of its partners. What we learned is that small business owners need and want information on how to keep their computer systems and business data safe. So we’re planning to provide that to them. Later this year, the FTC will launch a small business education campaign on cybersecurity, in partnership with other federal agencies.
In its August 2017 proposed consent agreement with Uber, the FTC alleged, among other things, that the company’s unreasonable security practices resulted in a May 2014 data breach. But there’s more to the story now. According to the FTC, Uber experienced another breach in the fall of 2016 – right in the middle of the FTC’s nonpublic investigation – but didn’t disclose it to the FTC until November 2017.
Every business wants to forge an ongoing relationship with their customers. That principle takes on special significance for mobile device manufacturers when they need to issue security patches for the operating system software on their phones and tablets. Once devices are in consumers’ hands, are they getting the patches they need to protect against critical vulnerabilities? Are companies deploying those patches in a timely fashion and for a reasonable length of time?
Once bitten, twice shy. That fundamental principle of human behavior is why reputable businesses that work hard to earn consumers’ confidence should support the FTC’s ongoing efforts to fight fraud. According to the FTC’s 2017 Consumer Sentinel Data Book, consumers reported losing a total of $905 million to fraud last year. That’s close to a billion bucks people won’t be able to spend on legitimate products and services from credible companies.
Right now DC is the place to be for people interested in the latest on consumer privacy and data security. The FTC’s third PrivacyCon begins at 9:15 ET on Wednesday, February 28, 2018, with opening remarks from Acting Chairman Ohlhausen. Like the first two PrivacyCons, this year’s event features many of the biggest names in the research world discussing their findings.
As a business person, you know that accessing the public Wi-Fi network in an airport lounge, coffee shop, or other location can be risky. Public networks aren’t very secure – or, well, private – and it could be easy for others to intercept your confidential business or personal data. But there are times when every executive has to be out and about. So what can you do to keep your mobile data private and secure? Some people use Virtual Private Network (VPN) apps to shield traffic from their mobile devices from prying eyes on public networks.
Engage, connect, protect was the theme of a series of Small Business Security Roundtables the FTC sponsored last summer. We listened to businesses talk about the challenges they face in securing sensitive information and fending off cyber threats. We also heard that they want concrete advice from the FTC. For example, how can a small company – especially one that may not have the in-house expertise to host its own website – get down to business while also addressing these concerns?
Blind Faith, Crosby Stills Nash & Young, Humble Pie, the Traveling Wilburys. Every musical genre has its supergroup, individual talents from other groups who come together to create something even more impressive. In the consumer privacy and data security world, we think the agenda for the FTC’s PrivacyCon 2018 reads like the line-up of one of those legendary supergroups. (Minus Eric Clapton – sorry.)
If you operate a business, how you handle personal information can affect whether your customers, employees, and yes, even your business, are at risk of identity theft during tax season and all through the year.
So you’ve received a Civil Investigative Demand (CID) from the Federal Trade Commission related to a consumer protection matter. Now what? We appreciate that it can be daunting for any company – especially a small business – and we want to be as transparent as possible about the process.
Car ads used to include shorthand like 2D, AWD, and AC. Today’s car buyer is just as likely to ask about USB, GPS, and wifi. Last June, the FTC and the National Highway Traffic Safety Administration (NHTSA) hosted a workshop in Washington to discuss the types of information that connected and autonomous cars collect and the ways the data can be used.
We can’t guarantee its effectiveness in getting kids to eat their vegetables or finish their homework. But there’s one circumstance in which a Mom or Dad’s “Because I said so . . . .” is the law of the land. When it comes to the online collection of personal information from kids under 13, the Children’s Online Privacy Protection Rule (COPPA) puts parents in charge.
One Direction had a hit with a song called “18,” but the FTC’s recent law enforcement and policy initiatives suggest that the agency will continue to pursue many directions in its efforts to protect consumers in ‘18. (Sorry. We’re expecting a fresh shipment of pop culture references in January.) In case you missed them – and in no particular order – here are ten FTC consumer protection topics of note from 2017.
After the Equifax breach, your customers, clients, and employees may be coming to you with questions. Some people are considering placing a fraud alert on their credit file. Others are thinking about freezing or locking their credit files to help prevent identity thieves from opening new accounts in their name. Here are some FAQs to help you help them think through their options.
It’s a challenging trade-off. Consumer information is often at the heart of technological innovation and the benefits can be substantial. But what about the injury people may experience when information about them is misused? Informational injury is the topic under discussion at an FTC workshop on Tuesday, December 12, 2017, in Washington, DC.
For college students building their resumes, that camp counselor gig is nice – but what about participating in a session at an international conference of privacy and data security experts?
You’re a tax professional and you’ve just learned that your business experienced a data breach. Whether hackers took client information from your server, an insider stole client information, or the information was exposed inadvertently, you’re probably wondering what to do next.
You’ve read recent news stories about a vulnerability discovered in the WPA2 encryption standard. (Some reports refer to it as KRACK – Key Reinstallation Attack.) Should this be of concern to your business? Yes. Does it warrant further action at your company? Absolutely.
You’ve heard about the “dark web” and wondered how it affects businesses – including small businesses. That was one of the topics addressed at an FTC conference earlier this year on identity theft. Recent headlines about high-profile data breaches have added even more urgency to the discussion. So why should the dark web matter to your company?