Enter to open, tab to navigate, enter to select
FTC Launches Security Education Initiative
Practical Law Legal Update 6-617-0535 (Approx. 3 pages)
FTC Launches Security Education Initiative
by Practical Law Intellectual Property & Technology
| Published on 02 Jul 2015 • USA (National/Federal) |
The FTC has announced a new initiative, "Start with Security," designed to educate businesses about data security. In connection with the new initiative, the FTC has published data security guidance, launched a new website consolidating its data security resources and will hold several conferences.
On June 30, 2015, the FTC issued a press release announcing a new initiative to help businesses protect consumers' personal information. The initiative, called "Start with Security":
- Initiates a series of conferences across the country. The first, on September 9, is aimed at start-ups and developers, and features experts on security by design, common security vulnerabilities, strategies for secure development and vulnerability response.
- Provides published guidance designed to provide an easy way for companies to understand the data security lessons learned from businesses' security missteps as alleged in over 50 FTC data security cases.
The FTC's guidance provides ten steps to effective data security drawn from these cases. The steps are:
- Start with security.
- Control access to data sensibly.
- Require secure passwords and authentication.
- Store sensitive personal information securely and protect it during transmission.
- Segment networks and monitor access.
- Secure remote access to networks.
- Apply sound security practices when developing new products.
- Make sure service providers implement reasonable security measures.
- Put procedures in place to keep security current and address vulnerabilities that may arise.
- Secure paper, physical media and devices.
The FTC has also introduced a new website consolidating its data security information for businesses.