in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Can The FTC Penalize A Company For Being Hacked?

The answer is no, of course.  That would mean that even companies that fall to hackers despite using data security tools -- like centrally managed data encryption software from AlertBoot -- would feel the sting of the Federal Trade Commission (or, at least, fear it).  And, as security experts note, when it comes to data breaches, it's a matter of when, not if.  Combine these two concepts and you have all companies potentially exposed to the FTC.

And yet, many news outlets report otherwise.  For example, when I was reading up and posting on the FTC's actions against Wyndham yesterday, I noted that (my emphasis):

Mind you, the story is making the rounds in business and computer IT / security sites as an "FTC lawsuit for data breaches."  Nothing could be further from the truth...at least, on paper.

Simply put, the FTC doesn't have the power to sue companies for having a data breach.  But, the Federal Trade Commission can definitely bring action for deceiving consumers.

Someone else must have caught on to this because today I ran across a Forbes article titled "Why the FTC has hackers' victims in its crosshairs."  In it, the author notes that "most companies that fall victim to hackers never enter the F.T.C.'s crosshairs. As long as businesses have reasonable security measures, they can avoid punishment after even serious breaches."

The article goes on to quote an FTC official:

"We have always said that it is not a violation to be hacked," said Kristin Cohen, an attorney in the F.T.C.'s division of privacy and identity protection. "We can only go after companies that have misleading privacy policies -- either they did something that was deceptive or unfair."

Among other nuggets the article offers:

  • The FTC cannot levy financial penalties for "data protection cases." (In quotes because it makes it sound like being fined for being hacked).
  • But, Congress is mulling whether the Commission should have the power to impose financial penalties.  The FTC already has that power for other types of "corporate misbehavior."
  • The Senate has already introduced such a bill.
  • The FTC has sued or settled with approximately 35 companies for misleading data security promises.


Related Articles and Sites:
http://tech.fortune.cnn.com/2012/06/28/ftc-hackers/

 
<Previous Next>

Data Security: FTC Sues Wyndham Worldwide For "Deception"

Drive Encryption Software: Alaska DHHS To Pay $1.7 Million Settlement For HIPAA Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.