Recent challenges to the Federal Trade Commission’s (“FTC”) authority to police data security practices have criticized the agency’s failure to provide adequate guidance. In other words, the criticism goes, businesses do not know what they need to do to avoid a charge that their data security programs fall short of the law’s requirements. A new series of blog posts, titled “Stick with Security,” follows promises from acting Chair Maureen Ohlhausen to provide more transparency about practices that contribute to reasonable data security. While the first two posts do not provide much insight into specific data security practices businesses should take, they do suggest that the FTC sees encryption and employee training as essential parts of a comprehensive data security program.
Read our client alert.