Privacy & Information Security Law Blog

On October 13, 2017, the Federal Trade Commission published the twelfth and final blog post in its “Stick with Security” series (the “Series”). The Series focused on the 10 principles outlined in the FTC’s Start with Security Guide for Businesses and sought to provide insights and lessons learned on data security from recent FTC cases, closed investigations and questions and comments received from businesses. The final post, entitled Stick with Security: FTC resources for your business, outlines the resources available to businesses to put the principles detailed in the Series into practice. These can be found on the FTC’s Data Security page.

The resources provided by the FTC include:

• FTC Cases: The FTC has filed more than 60 actions against companies alleged to have been engaged in unfair or deceptive practices related to data security. Most of these actions were settled with court enforceable orders. These cases provide security conscious companies an opportunity to review the complaints, so as to avoid making similar errors in information security in their own businesses and increase compliance.
• Brochures for Business: The FTC provides a suite of publications for businesses which provide practical advice in clear and understandable terms, uncluttered by complicated legal language. Three titles the FTC recommend for companies serious about data security include:
  • Protecting Personal Information: A Guide for Business – This serves as a primer on forming and implementing a data security plan within a business.
  • Start with Security: A Guide for Businesses – This looks at FTC enforcement actions and highlights 10 key compliance lessons. These lessons are expanded on in this Series.
  • Data Breach Response – This addresses steps a business should take if a breach has occurred.
• Videos: The FTC provides short videos that recount the basics of data security. These 3-minute segments address a range of topics, from defending against ransomware to using email authentication, to responding if your business is impersonated in a phishing scam.
• Brochures for Specific Business Audiences: The FTC also provides specific guidance for certain industries. These provide specialized information for businesses in different sectors such as health-related technology, the Internet of Things, consumer debt collection and many others.
• Resources for Small Businesses: The FTC provides a Small Business site which features resources for solo entrepreneurs or companies with a few employees who are trying to implement data security.
• Blog Posts: The FTC has a Consumer Blog which translates security related developments into actionable advice for the public, as well as a Business Blog which focuses on what FTC enforcement actions and policy initiatives mean for businesses. More than 200 posts focus on data security.

To read our previous posts documenting the entire Series, see “Stick with Security Series.”