FTC’s “Stick With Security” #8: Make Sure Your Service Providers Use Reasonable Security Measures

On September 15, 2017, the FTC released its eighth “Stick with Security” principle, which offers advice that individuals and organizations should consider when hiring others to process sensitive data. A few tips for making sure those service providers implement reasonable security measures include:

Do Your Due Diligence

Because information is oftentimes a company’s most valuable asset, it is imperative that said company knows how its info will be used. Accordingly, the FTC offers a few ideas to keep in mind during the service provider selection process: how will your company’s data be secured, who will have access to the data, and how will the service provider train its employees to maintain the data securely.

Put it in Writing

A company and a service provider would be better off if both sides reduced to writing in a contract the following items: expectations, performance standards, and monitoring methods. For example, prior to giving a service provider access to customer or employee personal information, a contract may need to include provisions verifying that firewalls, data encryption methods, and intrusion detection systems are used.

Verify Compliance

Following-up with security providers to ensure their compliance with security-related contract provisions is equally important. This verification process should ideally come before any product is marketed to the public.

This entry was posted in Cyber Security, Data Protection, FTC.

Share this Article:

Leave a Reply

View Reply Form

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>