10 steps to protect customer data




The federal government, through the FTC, has taken on responsibility for addressing the failure of businesses to protect customer data



FTC- stolen data to convert the noise invasion

The irony: the federal government, which has seen millions of its own personnel records affected and which created the insecure Obama HealthCare.gov, now wants to fine companies heavily for failing to protect consumers.

Based on a recent US Circuit Court of Appeals decision, the Federal Trade Commission (FTC) can find businesses at fault for data breaches and bind them with a consent decree that forces them to submit to third-party security assessments every two years for up to 20 years. Technology and business executives need to understand the impact of the ruling and ensure that they can demonstrate they have implemented "reasonable" security and monitored its implementation.

The US Third Circuit Court of Appeals ruled 3-0 against Wyndham Worldwide Corp., rejecting its claim that federal law did not give the FTC the power to penalize companies for poor security policies and procedures that resulted in the theft of customer data.

The unanimous verdict makes it perfectly clear that the FTC does have the authority to rule on the handling of data security. This expansion of authority should be very troubling to companies' senior executives and IT professionals.

The FTC has in the past gone after businesses that failed to implement reasonable security measures for the data entrusted to them by customers. Wyndham, for example, suffered three data breaches in 2008 and 2009 and failed to encrypt credit card data. The FTC has pursued more than 50 cases, and all but Wyndham and one other signed consent decrees. The other one that did not sign a consent decree went out of business.

What constitutes reasonable security measures is in the eye of the beholder. In this case, the approach of the FTC (the beholder) to reasonable data security is as follows: "A company's data security measures must be reasonable in light of the sensitivity and volume of the consumer information it holds, the size and complexity of its data operations, and the cost of available tools to improve security and reduce vulnerabilities."

While some organizations are exempt from the FTC's authority - such as banking and health care - everyone should be sure to follow the FTC's view of reasonableness.

The FTC's 10-step security guide

The 10 steps detailed in the guide are as follows:

1. Start with security.

2. Control access to data sensibly.

3. Require secure passwords and authentication.

4. Store sensitive personal information securely and protect it during transmission.

5. Segment your network and monitor who is trying to get in and out.

6. Secure remote access to your network.

7. Apply sound security practices when developing new products.

8. Make sure your service providers implement reasonable security measures.

9. Put procedures in place to keep your security current and address vulnerabilities that may arise.

10. Secure paper, physical media, and devices.

The guide describes the steps in more detail and provides practical guidance on how to reduce the risks they address. Surprisingly, the FTC has taken a very sound approach to security, and its easy-to-follow guide offers advice on how to comply and avoid complications.