- E-Discovery Lesson For Slack UsersPosted 2 days ago
- Radical Changes in Privacy Regulation on the HorizonPosted 2 days ago
- New Joint Employer Rule “Qualified Positive” For EmployersPosted 3 days ago
- Alphabet CLO Resigns After InvestigationPosted 3 days ago
- Oklahoma Hires Perkins Coie In Gaming Dispute With TribesPosted 4 days ago
- Big Law Firms “Pay-To-Play” In OregonPosted 4 days ago
How to Interpret the FTC’s Vague Data Security Standards
Judith A. Archer and Jami Mills Vibbert, Norton Rose Fulbright U.S. LLP
The Federal Trade Commission Act, Section 5, makes unlawful any “unfair or deceptive acts or practices in or affecting commerce.”
Relying on Section 5, the Federal Trade Commission has aggressively pursued over fifty companies on a variety of data security issues, such as failing to take “reasonable” steps to secure data or safeguard consumer information and making false or misleading statements about their security measures. Most of these actions resulted in onerous settlements. Yet, the FTC has not promulgated written rules or standards prescribing what reasonable safeguards are.
The FTC requires “reasonable oversight” of service providers, and that includes affirmative steps to ensure that they employ appropriate protections for consumer information. Specifically, companies should: Review information concerning the data security practices of service providers. Require that service providers maintain security measures capable of safeguarding consumer information. Ensure that they have access only to consumer data that directly relates to their business purpose, and for long enough to accomplish it. Use fictitious data sets where appropriate, and verify that service providers securely remove data when it is no longer necessary.
Companies that employ some or all of the above measures should decrease the likelihood of an FTC action or provide a concrete basis to defend one, based on their having taken reasonable measures pursuant to a comprehensive data security program. Given the potential effect of an FTC action, that means decreasing the risk of significant future expense and burden.Read the full article at:
Today's General Counsel