Communications Litigation Today was a Warren News publication.

FTC's Ramirez Outlines Data Security, Privacy Strategies, at IoT Global Summit

The “potential” for data breaches “grows apace as the number of connected devices multiplies,” said FTC Chairwoman Edith Ramirez in remarks prepared for Monday's Internet of Things Global Summit. “The risks those breaches pose intensify as we adopt more and more devices linked to our physical safety, such as our cars, our medical care, and our homes.” The FTC is “concerned that some companies are underinvesting in security,” said Ramirez. “We’ve found that some organizations fail to take even the most basic security precautions, such as updating antivirus software or requiring network administrators to use strong passwords.” Data security should be built into a company’s devices from the “outset, not as an afterthought,” she said. Data collectors should “follow the principle of data minimization,” which would limit data collection for a “specific purpose," said Ramirez. Companies should also “appropriately de-identify consumer data,” she said. “Those handling data should give consumers simplified choices for unexpected collection or uses of their data,” Ramirez said. “Transparency” is the most important goal for data collectors, she said. Privacy policies for businesses are “broken,” she said. “Too many companies use them primarily as tools to shield themselves from liability,” said Ramirez: “This must change.” She said such policies should “clearly lay out what data is being collected, how it is being used, and with whom it will be shared.” The FTC last week commended the National Highway Traffic Safety Administration for taking privacy and security concerns into account, in a rulemaking on vehicle-to-vehicle communication capability for passenger cars and light trucks (see 1410240027).