Forensic Update

Reflections on information management within the legal and regulatory arena

Laptop stolen from employee vehicle = 20 years of FTC Audits for Employer…

Posted by Johnny Lee on February 1, 2013

FTC-Logo

The news of data breaches has certainly become maddeningly commonplace in recent years.  Many industries have been slow to adopt even the most rudimentary controls about securing media that is highly portable, such as thumb drives, laptops, mobile devices, and the like.

Perhaps as antidote to that tardy adoption, the Federal Trade Commission (“FTC”) recently announced a settlement with a leading cord blood bank, related to claims that it failed to protect the security of customers’ personal information.  Moreover, the settlement stipulates that this cord blood bank’s inadequate security practices contributed to a breach that exposed the Social Security and financial information of nearly 300,000 consumers.

The FTC claims arose from an incident in December 2010, in which laptops, backup tapes, and other storage media were stolen from an employee’s personal vehicle.  The catch?  None of these storage media were encrypted in any fashion.

This lack of encryption appears to be the linchpin consideration in the FTC’s analysis of culpability.  The cord blood bank must now submit to an annual certification (by an external party) for the next twenty years.  This enforcement action by the FTC will undoubtedly raise the awareness of organizations slow to adopt the perspective that there is wisdom in having policies and procedures in place to safeguard sensitive data.  While these policies and procedures might — and perhaps ought to — vary from industry to industry, certain basics will likely be adopted over time, and I suspect that encryption will rise in adoption as a safeguard even more rapidly than it has in recent years.

For more on the FTC’s settlement announcement, please click here.

Please see the disclaimer associated with content published on (and associated with) this site.

Advertisements

Sorry, the comment form is closed at this time.

 
%d bloggers like this: