FTC’s “Stick With Security” #4: Store Sensitive Information Securely & Protect It During Transmission

On August 18, 2017, the FTC released its fourth “Stick with Security” principle, which explained the importance of keeping confidential data only when needed and storing it securely when it must be kept. To that end, an essential security tool is data encryption. Encryption is the process of transforming information so that only a person or device with the key can read it. The FTC offers the following three suggestions for protecting data when it is stored on a network (“data at rest”) and when it is being sent from one computer to another (“data in transit”):

Keep Sensitive Information Secure Throughout Its Lifecycle

Companies should maintain a “big picture” awareness of how sensitive data enters their systems, moves through them, and exits. For example, companies often need to gather information about customers to tailor their user experience. If a person’s age is relevant, ask a customer to pick an age range instead of requiring a specific number or date of birth.

Additionally, it is critical to store decryption keys separately from the data the keys are used to unlock.

Use Industry-Tested and Accepted Methods

Companies strive to be unique, but when it comes to data security, proven industry-tested methods are the preferred practice. Relying on your Uncle Ivan’s home-made data protection ideas may not be the safest bet.

Ensure Proper Configuration

Even when companies maintain strong encryption, such encryption must be configured correctly. Disabling default validation settings or other connectors that process secure data can negate the benefits of encryption.
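One way to check for the misconfiguration described above is to scan source code and scripts for settings that switch off TLS certificate or hostname validation. The following is an added example, not taken from the FTC guidance or the original post; the function name `scan_for_disabled_validation`, the pattern list, and the sample input are constructed for illustration and cover only a few well-known settings.

```python
import re

# Well-known settings that disable TLS certificate or hostname validation.
# The list is illustrative, not exhaustive (assumption of this example).
PATTERNS = [
    ("python requests: verify=False",
     re.compile(r"\bverify\s*=\s*False\b")),
    ("python ssl: CERT_NONE",
     re.compile(r"\bCERT_NONE\b")),
    ("python ssl: check_hostname disabled",
     re.compile(r"\bcheck_hostname\s*=\s*False\b")),
    ("curl: -k / --insecure",
     re.compile(r"\bcurl\b.*\s(?:--insecure|-k)(?=\s|$)")),
    ("go crypto/tls: InsecureSkipVerify",
     re.compile(r"\bInsecureSkipVerify\s*:\s*true\b")),
    ("node tls: rejectUnauthorized disabled",
     re.compile(r"\brejectUnauthorized\s*:\s*false\b")),
]

def scan_for_disabled_validation(text):
    """Return (line_number, label, line) for every line that disables validation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings

# Constructed sample input: a mix of safe and unsafe client calls.
SAMPLE = """\
requests.get(url, timeout=5)
requests.get(url, verify=False)
ctx.verify_mode = ssl.CERT_NONE
curl -k https://internal.example/api
curl --cacert corp-ca.pem https://internal.example/api
tls.Config{InsecureSkipVerify: true}
"""

if __name__ == "__main__":
    for lineno, label, line in scan_for_disabled_validation(SAMPLE):
        print(f"line {lineno}: {label}: {line}")
```

Lines 1 and 5 of the sample pass because they keep the default validation or point the client at a specific CA bundle rather than turning validation off.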
