Skip to content

It looks like we may have content for your preferred language. Would you like to view this page in English?

Data Security: How to Answer When the FTC Comes Calling

On May 20, 2015, Mark Eichorn, Assistant Director of the Federal Trade Commission, posted a blog post titled “If the FTC Comes to Call,” which outlined what companies should expect when the FTC initiates an investigation into their data security practices.

This article examines the messages that Eichorn sent in his post, including the type of information the FTC reviews and the parameters it uses during an investigation. The author also addresses steps that companies can take to ward off investigation, including ensuring that internal and consumer-facing practices reflect written data security policies, training employees and vendors to comply with written policies, and regularly reviewing policies and compliance with any industry regulations.