Businesses often ask: “If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?” Maybe you read our blog explaining how the NIST Cybersecurity Framework relates to the FTC’s work on data security? Now, check out this related video featuring Andrea Arias, an attorney in the FTC’s Division of Privacy and Identity Protection.
Blog Posts Tagged with Data Security
Financial technology remains a hot topic for consumers, offering the possibilities of increased convenience and access to financial services at a lower cost. As part of its FinTech Forum series, the FTC continues to promote public discussion of the ways in which innovative FinTech services – many provided by non-banks and technology companies within the FTC’s jurisdiction – can benefit consumers and the potential issues for stakeholders to keep in mind.
Today kicks off National Consumer Protection Week, but what the FTC does to protect consumers is only part of the story. We also work hard to help small business get down to business. Here are just a few examples of what we’re doing to protect your business from deceptive practices.
When internet fraudsters mimic a legitimate business to trick consumers into giving out their personal information, it’s called phishing. It’s not just a problem for consumers, but for the companies the scammers are impersonating too. The FTC has long provided advice to consumers about steps they can take to avoid phishing scams. But what should you do if customers contact your company upset that they responded to a phishing email from a scammer impersonating your legitimate business?
Phishing emails can harm businesses whose identities are spoofed. Don’t want that to happen to your business? Read the new Staff Perspective from our Office of Technology, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication.
To facilitate the transfer of data, many U.S. companies that do business internationally participate in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (CBPR) system. It’s voluntary, of course, but if companies say they participate, that representation – like other objective claims – must be truthful. That’s the lesson of three proposed settlements just announced by the FTC.
We recently saw a fellow diner reach across the cafeteria soup station until splat! His phone fell out of his shirt pocket and into the minestrone. But even before he ladled out his soup-logged smartphone, he reached into his bag and took out his tablet. As consumers have come to rely on multiple devices, companies are using technologies to connect a consumer’s activity across those devices – smartphones, tablets, desktops, laptops, and more.
What’s that sound? It’s the buzz of the crowd gathering this morning for the FTC’s second PrivacyCon. Leaders from academia, advocacy groups, and industry have convened for a day devoted to the latest research and trends about consumer privacy and data security.
Thanks to the Internet of Things, consumers can easily share a photo with family or watch from the office what’s going on at home. But share a tax return with a hacker, have some creep silently gaze at the live feed from your family room, or have your personal conversations remotely recorded?
It’s a challenge worthy of Drs. Peter Venkman, Egon Spengler, and Ray Stantz – and it could result in a prize of as much as $25,000 for a creative tech tinkerer.
“Just like the white winged dove sings a song,” you can count on the BCP Business Blog to celebrate the “Edge of Seventeen” – 2017, of course – with a recap of in-case-you-missed-it developments from 2016. (Sorry, Stevie Nicks. That was a stretch.) In no particular order, here is our take on ten noteworthy consumer protection actions from the year gone by.
For academics and researchers in consumer privacy and data security, think of it as Coachella without the sand and Burning Man with nothing spontaneously combusting (we hope).
If you care about data security and privacy, you’ll want to read about the FTC’s settlement with ruby Corporation, ruby Life Inc., and ADL Media Inc. – the companies that operate AshleyMadison.com.
The military community makes many of the same consumer decisions as their civilian counterparts. We all need to manage our money – and avoid rip-offs. But servicemembers and their families also face unique challenges, like frequent relocations and deployment. When a permanent change of station is on the horizon, a military family needs to rent or buy a new place to live, manage money while on the move, and be vigilant about dealing with businesses in an unfamiliar locale. A servicemember’s regular paycheck from Uncle Sam can make them a target for scammers.
Want something old and something new, all in one? Check out the FTC’s updated “Protecting Personal Information: A Guide for Business.” It’s the same principles that we’ve relied on for years, but with a new twist. You’ll find the latest tips about technologies that have emerged since we last published the guide.
You suspect that your business experienced a data breach. Maybe an employee lost a laptop, or a hacker got into your customer database, or information was inadvertently posted on your website. Whatever happened, you’re probably wondering what to do next.
As the old saying goes, “The job’s not finished until the paperwork is done.” But since the enactment of the FTC’s Disposal Rule, the job’s not finished until the paperwork – in this case, consumer reports or information derived from them – is securely destroyed.
Ransom notes used to come in the form of pasted letters clipped from newspapers. Now datanappers gain entry through a weak spot in a company’s network, lock the business out of its own system, and hold files – including sensitive health or financial information – for ransom. Would you know how to react if your business is the next victim? And are you taking reasonable steps to reduce the risk of that happening?