CSO — Court: FTC can take action on corporate data breaches

Posted on Sep 3, 2015 in Quoted by Press |


FTC enterprise data security

FTC can take action on corporate data breaches

CSO Magazine reporter Maria Korolov interviewed Protegrity CEO Suni Munshani for an article she wrote about a ruling by the U.S. Court of Appeals that says the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.


 

The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts — and lapses. But security experts are split about whether the decision will help improve enterprise security.

“It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information,” said Federal Trade Commission Chairwoman Edith Ramirez in a statement.

Specifically, last week’s decision allowed the FTC to take action against Wyndham Hotels and Resorts for failing to reasonably protect consumers’ personal information between 2008 and 2010, when hackers broke in three times and stole more than 600,000 bank card numbers.

Together with another court decision this summer allowing class action lawsuits against breached companies, this ruling means that data breaches are about to get a lot more expensive.

. . .

The big winners in this debate are the security vendors, who are expecting to see enterprises become more receptive to new approaches — and to bigger security budgets.

. . .

For example, enterprises should admit that traditional walled-garden-style approaches to security are no longer enough. Criminals will break in, and companies need to add layers of protection around the data itself.

That could be via broader adoption of encryption, said Suni Munshani, CEO at Stamford, CT-based Protegrity USA, Inc.

 

“In case of a breach, the scrambled data cannot be understood by unauthorized individuals,” he said.

 

But all these efforts won’t be going to waste, he added.

 

“While security firms may benefit from this ruling, the real winners are those consumers who want their sensitive information better protected,” he said.

The complete article can be found here.