In July 2016, the Federal Trade Commission (FTC) ruled that medical testing company LabMD failed to protect the sensitive personal data, including medical information, of over 750,000 patients. Furthermore, the FTC said that no harm from a data breach needed to be proven. What this means: The FTC is now the major regulator for cybersecurity practices for businesses.
Section 5 of the FTC Act authorizes the Commission to challenge “unfair or deceptive” acts or practices in or affecting commerce. An act or practice may be deemed unfair if it “causes or is likely to cause substantial injury to consumers” in a way that is not reasonably avoidable by consumers.
While the LabMD case was an extreme example (after all, the company was storing personal patient information on peer-to-peer networks, accessible to millions of users), the message being sent by the Commission is clear. Unless your business makes significant, demonstrable efforts to protect your data, you will face the consequences.
This is not just a problem for Fortune 500 companies. If your company holds your customers’ personal data, you could be liable if your security practices aren’t deemed sufficient.
In the past, we have explored how every employee must play a part in keeping your company breach-free. This means your employees need to undergo routine cybersecurity training to keep up with the latest threats.
(Also, you can’t just claim, “I didn’t know.” That defense never works!)
The good news is this is not an insurmountable problem. With proper employee training and tailored cybersecurity solutions, you can get ahead of this problem before a data breach happens, or before the FTC comes calling.
For help in getting your cybersecurity up to snuff, contact Vanguard Resources.