The Federal Trade Commission seems to be stepping up enforcement activity against companies that don’t safeguard customer data, and has heightened expectations for how that data must be protected.
Until recently, the FTC only targeted companies that had broken promises they had made regarding data security, notes Deborah Birnbach, a partner with the law firm Goodwin Procter in Boston. But, in addition to going after deceptive practices, the FTC has begun to show an interest in companies that adhere to the assurances they make about data security but nevertheless don’t have procedures that the agency deems sufficient, she says.
