Data Security

Many companies keep sensitive personal information about customers or employees in their files or on their network. Having a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely can help you meet your legal obligations to protect that sensitive data. The FTC has free resources for businesses of any size.

Guidance

App developers: How does your app size up? Have your built security in from the start? The FTC has a dozen tips to help you develop kick-app security for your product.

For debt buyers and sellers, keeping sensitive information secure should be business as usual. The FTC has seven tips for members of the industry to help reduce the risk of unauthorized disclosure.

Advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures, and carefully considered default settings.

A step-by-step plan for determining if your company is covered by COPPA — and how to comply with the Rule.

Guidance for business on complying with the FTC’s Health Breach Notification Rule. Who’s covered by the Rule and what companies must do if they experience a breach of personal health records.

If you report information about consumers to consumer reporting agencies (CRAs) — like a credit bureau, tenant screening company, or check verification service — you have legal obligations under the Fair Credit Reporting Act's Furnisher Rule.

Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, then you’ve probably instituted safeguards to protect that information. Your information security plans also should cover the digital copiers your company uses.

This guide addresses the steps to take once a breach has occured. For advice on implementing a plan to protect consumers’ personal information, to prevent breaches and unauthorized access, check out the FTC’s Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.

Once your business is finished with sensitive information derived from consumer reports, what happens to it then? Under the Disposal Rule, your company must take steps to dispose of it securely.

Tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program.

Under the FTC's Health Breach Notification Rule, companies that have had a security breach must: 1. Notify everyone whose information was breached; 2. In many cases, notify the media; and 3. Notify the FTC.

Explains how medical identity theft occurs, and how health care providers and insurers can minimize the risk and help their patients if they’re victimized.

When developing a health app, sound privacy and security practices are key to consumer confidence. Here are some best practices to help you build privacy and security into your app. These practices also can help you comply with the FTC Act.

You’re developing a health app for mobile devices and you want to know which federal laws apply. Check out this interactive tool.

Most businesses collect and store sensitive information about their employees and customers. If you use Peer-to-Peer (P2P) file sharing software in your business, consider the security implications and minimize the risks associated with it.

Practical tips for business on creating and implementing a plan for safeguarding personal information.

It’s just common sense that any company or organization that collects personal information from customers or employees needs a security plan. Learn more about designing and implementing a plan tailor-made to your business.

What’s on the credit and debit card receipts you give your customers? Under federal law, you must delete the card’s expiration date and shorten the account information to include no more than the last five digits of the card number.

If you’re running a small business with only a few employees, you’ve learned about a lot of things – accounting, marketing, HR, you name it. And you probably depend on technology, even if it’s only a computer and a phone. You can’t afford to get thrown off-track by a hacker or scammer.

10 practical lessons businesses can learn from the FTC's 50+ data security settlements.