The FTC has emerged as the leading investigator of privacy and security breaches, and has sanctioned companies and institutions across industries for breaches.  This presentation reviews the FTC’s track record, examines lessons learned from each sanction, and provides guidance based on current and proposed regulations.

Over the last decade, in the absence of a national Consumer Privacy Watchdog/Czar, the Federal Trade Commission (FTC) has set the standard for what it considers acceptable, and unacceptable behavior for companies and organizations conducting business within the United States.

The FTC doesn’t involve itself in the minutae of security standards ‘ala HIPAA, PCI, etc, nor does it dictate what protocols or technologies companies need to use.  Rather, the FTC uses it’s Constitutional and Congressional mandate for regulating Interstate Commerce to hold companies accountable for their breaches.

This presentation will examine the FTC’s track record, put the sanctions in a larger context of privacy and security breaches, and most importantly, we will look at where the FTC is trending with the FTC Health Breach and RED FLAG regulations.

Whether you deal with physical security, digital security, Risk Management or Compliance, you WILL learn something valuable, and relevant here.

This presentation provides 2 CPEs at NYS CyberSec2010 and ISC2 Security Congress 2011