FTC’s “Stick with Security” Offers Direction on Reasonable Security Practices

The Federal Trade Commission (FTC) has continued its rollout of its “Stick with Security” blog series, providing insight for companies into what may constitute “reasonable” security measures from the agency’s perspective. The blog is intended to supplement the FTC’s “Start with Security: A Guide for Business” and offers best practices gleaned from FTC enforcement cases involving insufficient security measures. The FTC has indicated that it will post on a weekly basis, and has contributed ten entries thus far, with topics ranging from the importance of segmenting and monitoring network access to taking steps to ensure that third party service providers implement appropriate security measures.

The FTC’s latest entry focuses on best practices for protecting sensitive data on paper and in physical media and devices. Specifically, the FTC advocates for securely storing files containing sensitive data; safeguarding devices that may contain personal information; protecting data when it is transferred off-premises; and appropriately disposing of records containing sensitive data. The FTC stresses the importance of taking a holistic approach to securing sensitive information by accounting for data stored in both electronic and paper-based formats, and taking proactive measures to mitigate any identified risks to the security of the data.

TIP: Companies can review the “Stick with Security” blog posts to gain insight into the FTC’s expectations surrounding data security measures, and can consider the best practices therein when creating or strengthening their security infrastructure.