The start of 2009 makes clear that the FTC intends to continue its aggressive enforcement of data security practices and how businesses protect consumers’ personal information.
On January 21, 2009, the FTC announced its filing of a complaint in Nevada federal district court against an individual mortgage broker, Gregory Navone. The complaint alleges that the defendant disposed of records containing consumers’ sensitive personal information in an unsecured dumpster and failed to implement data security measures necessary for the protection of customers’ sensitive personal information.
This case serves as a reminder of the ever-increasing scrutiny – by the FTC, State Attorneys General, and private litigants – of businesses’ information security practices, and whether they are sufficiently protecting personal data against compromise and making accurate representations to the public about such security practices. The increased regulatory focus on information security practices underscores more than ever that businesses would be wise to re-examine their current information security posture.
This client advisory, prepared by the Kelley Drye Information Security and Privacy practice group, provides a summary of the key facts of the FTC’s latest data security action, as well as an overview of the data security requirements applicable to most businesses.