FTC Pushes For Security Standards
Despite growing resentment from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.
The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.
On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.
“I’d like to see FTC be the enforcer,” Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. “If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it’s something we’ve continued to push for.”
According to Ramirez, the FTC supports a federal data-breach notification law that would also give it the authority to penalize companies for data breaches. In separate comments at the same event, FTC counsel Betsy Broder reportedly noted that the FTC’s enforcement actions stem from the continuing failure of some companies to adequately protect data in their custody.
“FTC keeps bringing data security cases because companies keep neglecting to employ the most reasonable off-the-shelf, commonly available security measures for their systems,” Law360 quoted Broder as saying.
An FTC spokeswoman was unable to immediately confirm the comments made by Ramirez and Broder but said the sentiments expressed in the Law360 story accurately describe the FTC’s position on enforcement authority.
The comments by the senior officials come amid heightening protests against what some see as the FTC overstepping its authority by going after companies that have suffered data breaches.
Over the past several years, the agency has filed complaints against dozens of companies and extracted costly settlements from many of them for data breaches. In 2006 for instance, the FTC imposed a $10 million fine on data aggregator ChoicePoint, and more recently, online gaming company RockYou paid the agency $250,000 to settle data breach related charges.
6 of 10 Companies Approve BYOD
April 18, 2013 by admin
Filed under Around The Net
Comments Off on 6 of 10 Companies Approve BYOD
More than six out of 10 companies allow or mandate the use of employee-owned mobile devices for work in order to increase productivity, according to a survey published on Tuesday.
While the BYOD (bring your own device) push has been at the forefront of press coverage, the majority of companies still provide at least a subset of devices to employees. One third of companies strictly mandate which devices can be used for work purposes and don’t allow any type of device provided by the employee, according to the survey conducted by the Computing Technology Industry Association (CompTIA), a nonprofit trade group.
The online survey of 502 U.S. IT and business executives was conducted in February. It also found that the most popular option, at 58%, was to have a mix of corporate-owned and employee-owned devices.
For 53% of those surveyed, the top reason for allowing employees to use or select their own devices was to increase productivity while employees are away from the office. Another reason was that employees like to use familiar devices.
Twelve percent of the respondents stated it was simply too difficult to stop employees from using their own devices.
CompTIA’s report said that companies looking to maximize the benefits of a mobile device-enabled workforce must “look beyond simply which devices are used and re-examine business processes and workforce needs.”
Companies should assess the specific needs of workers, rather than just deploying one device over another on a corporate-wide basis, said Seth Robinson, director, technology analysis, at CompTIA.