Data breaches have affected numerous companies over the past few years.  Companies frequently mismanage their efforts to mitigate the effects of these breaches and do not have a complete and thorough understanding of the facts.  Such oversights and the failure to be proactive can potentially lead to public relation nightmares, as seen from some recent data breaches.

Employees often demand to use their own electronic devices to interact with the companies’ systems. Given the 24-hour demands of our ever-connected society and the ubiquitous nature of such devices, allowing employees to use such devices can be attractive — even tempting — for the employer.  Such employer permission and employee permitted use, however, brings significant and often difficult security issues that must be considered to mitigate security risks.

On March 26, 2012, the Federal Trade Commission (“FTC”) issued its Protecting Consumer Privacy in an Era of Rapid Change Report (the “Privacy Report”), setting out recommended “best practices” for protecting consumers’ private information.  http://www.ftc.gov/os/2012/03/120326privacyreport.pdf.  In the Privacy Report, the FTC did a thorough job of identifying the issues that are being discussed among privacy professionals. For example, the privacy by design concept has been implemented by my clients since as early as 2005.  Likewise, the Digital Advertising Alliance and others have done an excellent job with the Do Not Track mechanism, which is captured in the Privacy Report.  In sum, the Privacy Report does outline general statements on privacy practices that most would agree deserve consideration in every organization.