FTC Releases “Start with Security” Guidance for Business

The Federal Trade Commission recently issued a business guidance encouraging companies to “consider security from the start” when managing their networks or paper files, developing websites, or launching new mobile apps. The guidance is a supplement to a related FTC document released earlier this year, “Protecting Personal Information: A Guide for Business,” which gives “practical tips for business on creating and implementing a plan for safeguarding personal information.” This new document encourages companies to take steps like requiring secure passwords and authentication, securing remote access to networks, and ensuring that service providers use reasonable security measures.

Tip: This guidance emphasizes that the FTC is closely watching how companies operationalize security measures. The “tips” in this guidance give companies an understanding of what the FTC expects in this space, and companies would be well-served to measure their current practices against the guidance.