Data Security

Many companies keep sensitive personal information about customers or employees in their files or on their network.  Having a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely can help you meet your legal obligations to protect that sensitive data.  The FTC has free resources for businesses of any size.

Businesses Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft [PDF]

The Fair Credit Reporting Act (FCRA) spells out rights for victims of identity theft – and responsibilities for your business. Are you complying with the requirement that you provide victims of identity theft and law enforcers with copies of transaction records related to the theft?

Copier Data Security: A Guide for Businesses [PDF]

Does your company keep sensitive data — Social Security numbers, credit reports, account numbers, health records, or business secrets? If so, then you’ve probably instituted safeguards to protect that information. Your information security plans also should cover the digital copiers your company uses.

Declaring War on Scareware Sharable

Malicious “scareware” pop-ups can cost businesses and consumers time, money, and frustration. Are crooks using your site to serve up scareware scams? The answer may be as close as your inbox, online forum, or call center logs.

Disposing of Consumer Report Information? New Rule Tells How [PDF]

Do you use credit reports in your business? To protect the privacy of personal information and reduce the risk of fraud and identity theft, the law requires you to take appropriate steps to dispose of credit reports – and the sensitive information you derive from them.

File Share and Share Alike? Sharable

Does your business use peer-to-peer (P2P) networks? Learn the risks of file sharing, how to decide whether to allow it, and what measures you can take to keep your customers’ information – not to mention your own – safe.

Financial Institutions and Customer Information: Complying with the Safeguards Rule [PDF]

Under the Safeguards Rule, financial institutions must protect the consumer information they collect. Learn if your business is a “financial institution” under the Rule. If so, have you taken the necessary steps to comply?

FTC's Privacy Rule and Auto Dealers: FAQs [PDF]

Auto dealers that extend credit, arrange financing or leasing, or give financial advice must notify customers about the information they collect, who they share it with, and how they protect it. Are you following the rules of the road?

Information Compromise and the Risk of Identity Theft: Guidance for Your Business [PDF]

These days, it is almost impossible to be in business and not have personally identifying information about your customers or employees. If this information falls into the wrong hands, it could put them at risk for identity theft. Find out the steps to take and who to contact if sensitive data is compromised.

Lock It: Protecting Your Office from Info Thieves [En español] Sharable

Whether it’s sensitive paperwork or confidential computer files, it’s your legal obligation to secure the information in your possession.

Marketing Your Mobile App: Get It Right from the Start [PDF]

Attention app developers! Basic truth-in-advertising and privacy principles apply to your product. It’s important to give the straight story about what your app can do and be transparent about your privacy practices. This start-from-scratch publication from the FTC reminds you to consider your choices from the user's perspective.

Medical Identity Theft: FAQs for Health Care Providers and Health Plans [PDF]

Explains how medical identity theft occurs, and how health care providers and insurers can minimize the risk and help their patients if they’re victimized.

Mobile App Developers: Start with Security

Mobile app developers: How does your app size up? Have your built security in from the start? The FTC has a dozen tips to help you develop kick-app security for your product.

On the Download? Sharable

Spyware gives fraudsters the “in” they need to serve up incessant pop-ups, snoop around sensitive files, and capture personal information. Are you doing what you can to protect your system from spyware?

Peer-to-Peer File Sharing: A Guide for Business [PDF]

Most businesses collect and store sensitive information about their employees and customers. If you use Peer-to-Peer (P2P) file sharing software in your business, consider the security implications and minimize the risks associated with it.

Pitch It: Give Personal Info the Shred Carpet Treatment [En español] Sharable

Properly disposing of sensitive data – like credit card receipts or computer files with personally identifying information – can reduce the risk of identity theft. **This is a short article that is intended to be used as a drop-in. We’ll have to flag this on the site somehow.**

Plan Ahead: How a Security Response Plan Can Help Your Business Expect the Unexpected [En español] Sharable

Taking steps to protect personal information in your files and on your computer can go a long way toward preventing a security breach. Nevertheless, breaches can happen. Putting together a “What if?” action strategy now may help reduce the impact an information breach can have on your business, your employees, and your customers.

Protecting Personal Information — Know Why [En español]

An introduction to your company's legal obligations to keep sensitive data secure.

Protecting Personal Information: A Guide for Business [PDF] [En español]

Practical tips for business on creating and implementing a plan for safeguarding personal information.

Protecting Personal Information: Five Steps for Business [En español] Sharable

Many security breaches could be prevented by commonsense measures that cost companies next to nothing. Follow these five basic principles for securing sensitive customer and employee data.

Protecting Personal Information: Promotional Fact Sheet [PDF]

Promotional fact sheet provides information on the FTC's resources about protecting personal information.

Safeguarding Customers' Personal Information: A Requirement for Financial Institutions [PDF]

The Safeguards Rule requires financial institutions to secure customer records and information. But the law defines “financial institution” broadly to cover many businesses who might not describe themselves that way. If you’re covered by the Safeguards Rule, are your standards up to snuff?

Scale Down: Why Less is More When Securing Sensitive Information [En español] Sharable

Streamline and scale down: Those are the watchwords when it comes to data security. Keep only what you have a legitimate business need to retain.

Securing Your Server: Shut the Door on Spam [PDF]

Do the settings on your servers open your system to misuse? An international group of government agencies says a few quick, easy, and no- or low-cost steps can protect your computer systems.

Security Check: Reducing Risks to Your Computer Systems [PDF]

It’s just common sense that any company or organization that collects personal information from customers or employees needs a security plan. Learn more about designing and implementing a plan tailor-made to your business.

Slip Showing? Federal Law Requires All Businesses to Truncate Credit Card Information on Receipts [PDF] [En español]

What’s on the credit and debit card receipts you give your customers? Under federal law, you must delete the card’s expiration date and shorten the account information to include no more than the last five digits of the card number.

Take Stock: Conducting a Data Security Audit in Your Office [En español] Sharable

Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business and who has — or could have — access to it is essential to assessing security vulnerabilities.

Taking the Lead to Prevent Identity Theft Sharable

As many as 10 million Americans a year are victims of identity theft. As consumers, we're all concerned, but businesses should pay particular attention. Because the crime hits you in the pocketbook, it’s time to take the lead in the fight against identity theft.

The Lowdown on Laptops: Data Security for the Road Warrior [En español] Sharable

No one appreciates the convenience of today’s virtual office more than the globetrotting Road Warrior. But when you’re away from the office on business, are you maintaining the same high standards for data security?

The Spy Who Came in from the Code Sharable

Spyware − stealth software downloaded onto computers without a clear explanation of what’s involved − can give unscrupulous marketers access to sensitive data. Are you doing your part to protect your customers and employees?