THE FACTS

The FTC released a new guide for business that provides the next level of guidance for what companies should be doing to address this terrible threat. An article by the International Association of Privacy Professionals (IAPP) brings out some important points about the guide and the FTC in general.

THE NEW GUIDE PROVIDES 10 DISTINCT STEPS TO HELP COMPANIES IMPLEMENT GOOD SECURITY PRACTICES.

ALL OF THE PRINCIPLES ARE PRESENTED WITH SUPPORTING CASE LAW (FTC ACTIONS) AS TO WHAT THEIR INTENTIONS REALLY MEAN.

THE FTC IS A UNIQUE REGULATOR AS IT BOTH PROVIDES GUIDANCE AND ENFORCES THOSE GUIDELINES.

THE ANALYSIS

There are two essential points in the article.

WHILE THE FTC CASES ARE NOT ACTUALLY LAW, THEY ARE INTENDED TO BE TREATED BY THE COURTS AS BINDING PRECEDENTS. AS A RESULT, THEY CARRY ALMOST THE SAME WEIGHT AS ACTUAL LAW.

NO GUIDE, FRAMEWORK OR STANDARD CAN BE TAKEN AS A BIBLE FOR ALL COMPANIES TO FOLLOW. EVEN THE MOST EXPLICIT GUIDE MUST BE TAILORED TO THE SPECIFIC CIRCUMSTANCES OF THE ORGANIZATION.

Even the best security program is ineffective if it is not actually tailored to the specifics of the organization and actually in use by the organization.

THE APPLICATION

Using a template program can be a great tool to help reduce the overall cost of implementing a program, but the upfront cost is generally the least expensive part of the process. The sign of a good template program is one that has almost everything already included and provides significant guidance on what and how to adjust the program to meet the organization's needs. If the template does not include this guidance, you will have to hire an expert to do the work for you in order to be effective.