02-08-2015: FTC – Converting Data Breaches to Intrusion Disruption

Irony of ironies: the federal government that exposed millions of personnel records and created the insecure Obama HealthCare.gov system now wants to heavily fine companies that fail to protect consumer information. Based on a recent U.S. Circuit Court of Appeals decision, the Federal Trade Commission (FTC) can find businesses at fault for data breaches and tie them up with consent decrees that force them to submit to third-party security assessments every two years for up to 20 years. Business and IT executives need to understand the implications of the ruling and ensure they can demonstrate that they have implemented, and are monitoring, "reasonable" security practices.