The FTC’s first Start with Security conference – the latest in a line of initiatives emphasizing the importance of data security – kicks off on Wednesday, September 9th, in San Francisco in cooperation with UC Hastings College of the Law. Not able to be there in person? Don’t worry. You won’t be left sitting on the dock of the bay. You can watch the webcast from your desk. In addition, the FTC has a new resource for companies interested in starting with security.
Blog Posts Tagged with Data Security
It’s called PrivacyCon and the first-of-its-kind FTC event is scheduled for January 14, 2016.
You’ve read Start with Security: A Guide for Business, the new brochure about the FTC’s 53 data security settlements. You’ve digested the lessons learned from those cases. The next step: applying them at your company. The FTC has an easy way to get the ball rolling.
Businesses are understandably concerned about the threat that hackers pose to the security of sensitive data on their networks. But a closing letter the FTC staff sent to Morgan Stanley Smith Barney LLC warns of another danger lurking closer to home.
On the old game show “Password,” the host whispered a word to contestants, who then gave clues to celebrities. The first to guess correctly advanced to the Lighting Round. The loser went home with a year’s supply of car wax.
If you and your clients are concerned about data security – and aren’t we all? – the FTC has something old, something new, and something on the horizon you need to know about.
A natural disaster can wreak havoc on any business. But it’s even worse when that real-world catastrophe becomes a data security calamity.
Before the summer storm season arrives, get your business ready. Just like you gather flashlights, bottled water, and emergency supplies, you can prepare your business by reviewing data retention and disposal practices.
It’s a question we’re asked a lot. “What happens if I’m the target of an FTC investigation involving data security?” We understand – no one wants to get that call. But we hope we can shed some light on what a company can expect.
First things first. All of our investigations are nonpublic. That means we can’t disclose whether anyone is the subject of an investigation. The sources of a data security investigation can be news reports, complaints from consumers or other companies, requests from Congress or other government agencies, or our own initiative.
Maybe it’s a suspicious tax document flagged by your HR staff or a customer concern about an unauthorized charge. Identity theft can reveal itself in many ways. Regardless of the tip-off, there’s a new one-stop federal resource – IdentityTheft.gov – to help people report and recover from ID theft.
According to the proverbs of Solomon, “Plans fail for lack of counsel, but with many advisers they succeed.” Of course, there’s no one-size-fits-all plan to guarantee the security of personal information in your company’s possession. But one effective strategy is to consider what experts at different agencies and organizations are saying. They offer a variety of tips and techniques, but the foundational principles of sound security remain the same.
As the FTC staff discussed at a seminar about consumer generated and controlled health data, people are turning to apps, devices, and websites to manage their own health information. Yesterday we talked about the contours of the compliance landscape.
With the help of innovative businesses, consumers are taking a more active role in managing their health information. How? Maybe it’s an app that monitors their exercise habits, a device that lets diabetics track glucose levels, or a site where patients with the same condition share information. In addition, people are starting to download their information into personal health records, partially because of regulatory initiatives promoting secure online access to medical data.
Like juggling chain saws or using a Ming vase as a sippy cup, some things are just too risky to be reasonable. Here’s one to add to that list: posting unencrypted financial information about 55,000 consumers on a website available to anyone with an internet connection.
The FTC keeps its finger on the pulse of markets, channeling its resources to protect consumers from deceptive and unfair practices involving new technologies. A few years ago, we created the Mobile Technology Unit to help bring consumer protection into the mobile era. Staffers assist the Bureau of Consumer Protection and FTC regions with law enforcement investigations and lend their expertise to the development of consumer protection policy.
Identity theft is always taxing on victims.
We’ve all been talking about the Internet of Things – the ability of everyday objects to connect to the Internet to send and receive data.
53 and it’s likely to go up. That’s the number of data security law enforcement actions the FTC has settled so far. The facts of each case are different, but distilled down to the basics, they stand for one central proposition: Your company’s data security measures should be reasonable and appropriate in light of the sensitivity and amount of consumer information you have, the size and complexity of your business, and the availability and cost of tools to improve security and reduce vulnerabilities.
For most people, January offers a lull after the holidays. But if you’re a tax professional, the busy season just started. Now that figures are flying, the FTC reminds tax preparers, accountants, and others in the industry about the role they can play in fighting back against tax identity theft. Participate in events scheduled for January 26th through 30th – Tax Identity Theft Awareness Week – and consider five timely tips from the FTC.
It’s rare we get Shakespearean on you, but a letter the FTC staff just sent to Verizon Communications reminds us of the quote from Julius Caesar, “The fault, dear Brutus, is not in our stars, but in ourselves. . . ” When it comes to the FTC’s now-closed investigation of Verizon, the staff says the fault wasn’t in the stars, but in the default.