FTC Blogs Review Data Security, Data Breach Prevention Basics

Starting with the FTC’s 10 Start with Security Principles, the blogs will “take a deeper dive into steps companies can take to safeguard sensitive data in their possession,” FTC Bureau of Consumer Protection Acting Director Thomas B. Pahl wrote in the first post. “We’ve listened to the day-to-day challenges you face in protecting sensitive information and have learned from the practical approaches you’re taking to address data security challenges.” The second blog post reviewed how organizations can sensibly control data access. “The better practice is to put sensible controls in place to allow access to employees who need it to do their jobs, while keeping others out.” Limiting administrative access will also be essential in data breach prevention, the blog post stated. For example, a company should not have the same login credentials for all employees. HIPAA regulations require the “minimum necessary” approach, which states that covered entities must “make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.” The first FTC blog post discussed how the agency will occasionally investigate data security issues that have occurred within companies, but some cases are closed without law enforcement. “Sometimes a company’s practices may raise initial concerns, but there are other factors that suggest law enforcement wouldn’t be in the public interest,” he continued. Healthcare organizations could potentially be affected by FTC investigations into data security issues.
Should they have authority if the OCR under HHS expressly has the authority?” Covered entities and their business associates should ensure they are adhering to HIPAA requirements in terms of PHI security, and are properly documenting their policies and procedures. From there, it should be easier to show investigating agencies – whether OCR or FTC – that the proper measures were in place, even if a data security incident occurs.
Data security and data breach prevention are at the center of recent FTC blog posts.

Starting with the FTC’s 10 Start with Security Principles, the blogs will “take a deeper dive into steps companies can take to safeguard sensitive data in their possession,” FTC Bureau of Consumer Protection Acting Director Thomas B. Pahl wrote in the first post.

“Another important source of our Stick with Security examples are the experiences of businesses from across the country,” Pahl explained. “We’ve listened to the day-to-day challenges you face in protecting sensitive information and have learned from the practical approaches you’re taking to address data security challenges.”

The second blog post reviewed how organizations can sensibly control data access.

First, entities should ensure that only individuals who need access to data actually have access to it. Reasonable access control could include simply locking a file cabinet, or ensuring that only certain personnel are able to access a database containing sensitive information.

“Not everyone on your staff needs unrestricted access to all confidential information you keep,” Pahl maintained. “The better practice is to put sensible controls in place to allow access to employees who need it to do their jobs, while keeping others out.”

Limiting administrative access will also be essential in data breach prevention, the blog post stated. For example, a company should not have the same login credentials for all employees.

“The login has administrative rights that enable designated IT staffers to make system-wide changes,” Pahl suggested. “But that same login is used by the company’s receptionist, a sales assistant, and a summer intern. The wiser approach is for the company to require different logins with only those privileges necessary for that employee to do his or her job.”

Healthcare…
