Federal Trade Commission Plans to Clarify its Data Security Standard
The Federal Trade Commission (FTC) has announced that it is launching a new initiative to improve data security guidance and transparency as part of a broader plan to implement process reform initiatives. In an interview with Politico Pro (subscription required) last week, the new acting director of the FTC’s Bureau of Consumer Protection, Thomas Pahl, discussed the FTC’s goal of supplementing existing data security recommendations with best practices and concepts drawn from recently closed investigations.
Under the FTC’s current standard, companies are advised to employ “reasonable” data security measures based on, among other things, the nature of their business and the sensitivity of the information involved. Pahl noted that companies would benefit from up-to-date information that describes the types of safeguards that the FTC considers “reasonable.” To that end, the FTC is analyzing previously closed investigations and comparing findings to cases that triggered enforcement actions so it can share best practices.
It is unclear whether the FTC will release improved data security guidance separately or as an add-on to its existing “Start with Security: A Guide for Business” publication. Pahl also indicated that additional and clearer guidance would likely encourage interested companies to comply with data security standards, but that the FTC will continue to bring enforcement actions where appropriate.