Citation[]
Federal Trade Commission, Bureau of Consumer Protection, Protecting Personal Information: A Guide for Business (Nov. 2011) (full-text).
Overview[]
In 2007, the FTC developed and published guidance that is the centerpiece of the FTC's data security outreach effort for businesses. This publication was updated in 2011.
This plain-language brochure offers businesses practical tips on securing sensitive data, based on the principle that many breaches can be prevented by commonsense measures that are relatively simple to implement. The Guide is designed to provide businesses, both large and small, with a five-step approach to building an effective information security program.
Any business or office that keeps personal information should (1) take stock of the consumer information that it collects and stores, (2) scale down the information that it keeps, (3) protect that information, (4) properly dispose of the information it no longer needs, and (5) plan ahead for potential data breaches.