Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court: FTC Can Punish Companies With Sloppy Cybersecurity

Posted by samzenpus on Monday August 24, 2015 @09:30AM from the who's-to-blame dept.

jfruh writes: The Congressional act that created the Federal Trade Commission gave that agency broad powers to punish companies engaged in "unfair and deceptive practices." Today, a U.S. appeals court affirmed that sloppy cybersecurity falls under that umbrella. The case involves data breaches at Wyndham Worldwide, which stored customer payment card information in clear, readable text, and used easily guessed passwords to access its important systems.

1 of 86 comments (clear)

Min score:

Reason:

Sort:

Re:Written by Skuld-Chan · 2015-08-24 15:33 · Score: 3, Informative

PCI Compliance? While I agree its not 100% perfect - having documentation from some compliance officer at your company that you met or exceeded all their baseline recommendations should get you out of hot water if something bad were to happen.
If you work in the medical field - there's HIPAA - which again most hospitals, clinics and labs probably have a compliance person on staff that is supposed to set policy on this sort of thing and audit systems for compliance.
If you google around there's a standard for every single business/market you can think of.