The Federal Trade Commission's (FTC) staff has released a series of blog posts entitled Stick with Security1 that updated and expanded on the prior Start with Security2 best-practices guide for information security practices. The Stick with Security series draws from FTC complaints, consent orders, closed investigations, and input from companies around the country to provide deeper insights into the 10 principles articulated in the Start with Security guide. These guidelines serve as a set of minimum recommended standards for "reasonable" data security practices by organizations with access to personal data (i.e., information related to consumers and employees), although they can be applied to other types of data as well. The recommendations are not legal requirements, of course, but it can be useful for companies to consider the views of the FTC's staff on the practices that are likely to be seen by the FTC as "reasonable." This article summarizes the recommendations made by the FTC's staff in the Stick with Security series.
展开▼