FTC Launches “Start with Security” Initiative to Educate Businesses about Protecting Personal Data
Earlier this year, the Federal Trade Commission expanded its efforts to help businesses protect consumer information by launching a new initiative called Start With Security. It is designed to help small- and mid-sized businesses in various industries understand how to strengthen data security around consumer information.
So far the initiative includes three daylong workshops in major U.S. cities and a new guidance document. Additional workshop locations are being planned throughout 2016.
“Promoting good data security practices has long been a priority for the FTC,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “The new Start with Security initiative shares lessons from the FTC’s 53 data security cases. Although we launch cases when businesses put data at risk, we’d much rather help companies avoid problems in the first place.”
Aimed at start-ups and developers, the workshops bring together FTC and local experts to provide information on security design, common security vulnerabilities, strategies for secure development, and vulnerability response. Sessions cover topics such as:
• Building a Security Culture
• Embracing Security Features
• Adapting Security Testing for DevOps and Hyper-growth
• Dealing with Bugs, Bug Reports, and Third-party Code
The first workshop was held in San Francisco on September 9th. It was hosted and co-sponsored by the University of California Hastings College of the Law.
The second Start With Security workshop is in Austin, Texas on November 5th. It is co-sponsored by the University of Texas Robert C. Strauss Center and the Center for Identity.
A third workshop is scheduled for Seattle at the University of Washington on February 9, 2016. More details will be published soon.
The FTC is currently exploring additional locations to hold the workshop throughout 2016, such as Chicago, Cleveland, and more.
The Start With Security business guide lays out ten key steps for effective data security drawn from its own cases. It’s meant to provide an easy way for companies to understand the lessons learned from these cases, and aligns with the FTC’s primary mission: to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.
The document includes case references, as well as plain-language explanations of the security principles at play. Advice includes, for example:
• Keep sensitive information secure throughout its lifecycle
• Verify that privacy and security features work
• Protect devices that process personal information
The new publication is available online. Print copies are available through the FTC’s publication bulk order site.
Further, the FTC has introduced a one-stop website that consolidates the Commission’s data security information for businesses at www.ftc.gov/datasecurity.