Data security: It doesn't take a breach to get the FTC's attention
Source: SearchSecurity - Posted by Pax Dickinson   
Security The litany of the latest database security breaches reads like a laundry list of some of the most prominent companies in the U.S. But your company doesn't have to be prominent or suffer a breach to come under the scrutiny -- and wrath -- of the Federal Trade Commission.

"The threat to businesses extends well beyond the relatively small number that actually experience a compromise of data," said Mike Overly, a partner at law firm Foley & Lardner, which specializes in cyberlaw. "The FTC has conducted several enforcement actions against companies in which no compromise of security has occurred. In those cases, the FTC reviewed the business' security practices and found that they did not fulfill statements made by those companies, typically in privacy policies, that promised to protect consumer information and to ensure such information would not be compromised."

What it means is that the FTC found these statements deceptive and misleading to consumers because the businesses hadn't employed reasonable measures to protect their systems.

"So it is not just the businesses that suffer an intrusion or compromise that are at risk," Overly said. "Any business handling consumer information could be audited by the FTC to ensure the business' security practices are reasonable and appropriate and comport with the statements that company has made to the public. If not, the FTC could prosecute the company for making misleading statements to consumers regarding the security of their information."

Read this full article at SearchSecurity

Only registered users can write comments.
Please login or register.

Powered by AkoComment!