In re TRENDnet, Inc.

The NIST Cybersecurity Framework and the FTC

Retrieved on: 
Tuesday, November 29, 2022

We often get the question, If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?

Key Points: 
  • We often get the question, If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?
  • In February 2013, President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, which called on the Department of Commerces National Institute of Standards and Technology (NIST) to develop a voluntary risk-based Cybersecurity Framework for the nations critical infrastructurethat is, a set of industry standards and best practices to help organizations identify, assess, and manage cybersecurity risks.
  • NIST issued the resulting Framework in February 2014.
  • The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices.
  • The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO).
  • Identify helps organizations gain an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities.
  • Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats.
  • The Framework breaks down each of these functions into additional categories and then provides helpful guidance.
  • As the Framework recognizes, theres no one-size-fits-all approach to managing cybersecurity risk.
  • But thats the benefit of the Framework: Its not a checklist, but rather a compilation of industry-leading cybersecurity practices that organizations should consider in building their own cybersecurity programs.
  • Section 5 of the FTC Act is the primary enforcement tool that the FTC relies on to prevent deceptive and unfair business practices in the area of data security.
  • Since 2001, the FTC has settled some 60 cases against companies the FTC alleges failed to provide reasonable protections for consumers personal information.
  • By identifying different risk management practices and defining different levels of implementation, the NIST Framework takes a similar approach to the FTCs long-standing Section 5 enforcement.
  • Many FTC cases highlight companies alleged failures to implement reasonable data security practices that the Framework emphasizes under the
    Protect function.
  • FTC orders demonstrate the importance of this function, emphasizing how consumer interests should factor into a companys recovery plan.

Camden Property Trust Announces First Quarter 2020 Earnings Release and Conference Call Dates

Retrieved on: 
Monday, April 6, 2020

The complete earnings release and supplemental data will be available in the Investors section of the website.

Key Points: 
  • The complete earnings release and supplemental data will be available in the Investors section of the website.
  • Camden Property Trust, an S&P 400 Company, is a real estate company primarily engaged in the ownership, management, development, redevelopment, acquisition, and construction of multifamily apartment communities.
  • Camden owns interests in and operates 164 properties containing 56,107 apartment homes across the United States.
  • Upon completion of 8 properties currently under development, the Companys portfolio will increase to 58,315 apartment homes in 172 properties.

Mortgage Broker That Posted Personal Information about Consumers in Response to Negative Yelp Reviews Settles FTC Allegations

Retrieved on: 
Tuesday, January 7, 2020

A California-based mortgage broker will pay $120,000 to settle Federal Trade Commission allegations that it violated the Fair Credit Reporting Act and other laws by revealing personal information about consumers in response to negative reviews posted on the review website Yelp.

Key Points: 
  • A California-based mortgage broker will pay $120,000 to settle Federal Trade Commission allegations that it violated the Fair Credit Reporting Act and other laws by revealing personal information about consumers in response to negative reviews posted on the review website Yelp.
  • In addition, they are prohibited from misrepresenting their privacy and data security practices, misusing credit reports, and improperly disclosing personal information to third parties.
  • Mount Diablo must also implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years.
  • Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

Mortgage Broker That Posted Personal Information about Consumers in Response to Negative Yelp Reviews Settles FTC Allegations

Retrieved on: 
Tuesday, January 7, 2020

A California-based mortgage broker will pay $120,000 to settle Federal Trade Commission allegations that it violated the Fair Credit Reporting Act and other laws by revealing personal information about consumers in response to negative reviews posted on the review website Yelp.

Key Points: 
  • A California-based mortgage broker will pay $120,000 to settle Federal Trade Commission allegations that it violated the Fair Credit Reporting Act and other laws by revealing personal information about consumers in response to negative reviews posted on the review website Yelp.
  • In addition, they are prohibited from misrepresenting their privacy and data security practices, misusing credit reports, and improperly disclosing personal information to third parties.
  • Mount Diablo must also implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years.
  • Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.

American Renal Associates Holdings, Inc. Announces Third Quarter 2019 Earnings Release Date and Conference Call

Retrieved on: 
Tuesday, October 22, 2019

The conference call can be accessed live over the phone by dialing (877) 407-8029, or for international callers (201) 689-8029.

Key Points: 
  • The conference call can be accessed live over the phone by dialing (877) 407-8029, or for international callers (201) 689-8029.
  • A replay will be available one hour after the call and can be accessed by dialing (877) 660-6853, or for international callers (201) 612-7415.
  • American Renal Associates (ARA) is a leading provider of outpatient dialysis services in the United States.
  • For more information about American Renal Associates, visit www.americanrenal.com .

FTC Finalizes Settlement with Online Rewards Website That Allegedly Failed to Implement Reasonable Data Security

Retrieved on: 
Saturday, July 6, 2019

The operator of an online rewards website will be required to implement a comprehensive information security program before collecting personal information as part of a final settlement with the Federal Trade Commission related to allegations that he failed to take reasonable steps to protect personal data.

Key Points: 
  • The operator of an online rewards website will be required to implement a comprehensive information security program before collecting personal information as part of a final settlement with the Federal Trade Commission related to allegations that he failed to take reasonable steps to protect personal data.
  • In a complaint, the FTC alleged that James V. Grago, Jr., deceived consumers by falsely claiming that his website, ClixSense, utilizes the latest security and encryption techniques to ensure the security of your account information.
  • In fact, ClixSense engaged in unreasonable security practices and failed to implement minimal data security measures to secure the personal data it collected, such as Social Security numbers and dates of birth.
  • If any company he controls collects or maintains personal information, Grago must implement a comprehensive information security program and obtain independent biennial assessments of that program.

FTC Finalizes Settlement with Online Rewards Website That Allegedly Failed to Implement Reasonable Data Security

Retrieved on: 
Saturday, July 6, 2019

The operator of an online rewards website will be required to implement a comprehensive information security program before collecting personal information as part of a final settlement with the Federal Trade Commission related to allegations that he failed to take reasonable steps to protect personal data.

Key Points: 
  • The operator of an online rewards website will be required to implement a comprehensive information security program before collecting personal information as part of a final settlement with the Federal Trade Commission related to allegations that he failed to take reasonable steps to protect personal data.
  • In a complaint, the FTC alleged that James V. Grago, Jr., deceived consumers by falsely claiming that his website, ClixSense, utilizes the latest security and encryption techniques to ensure the security of your account information.
  • In fact, ClixSense engaged in unreasonable security practices and failed to implement minimal data security measures to secure the personal data it collected, such as Social Security numbers and dates of birth.
  • If any company he controls collects or maintains personal information, Grago must implement a comprehensive information security program and obtain independent biennial assessments of that program.