FTC Report on Internet of Things Urges Best Practices

Internet & Privacy Blogs

Written By ESR News Blog Editor Thomas Ahearn

The Federal Trade Commission (FTC) has released a detailed report – ‘Internet of Things: Privacy & Security in a Connected World’ – that recommends best practices that businesses can follow to enhance and protect the privacy and security of American consumers in a world of Internet-connected devices.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez stated in a press release. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

The Internet of Things report includes these recommendations for companies developing devices:

  • Build security into devices at the outset, rather than as an afterthought in the design process;
  • Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;
  • Ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;
  • When a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk;
  • Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network;
  • Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

According to data cited in the Internet of Things report, there are now over 25 billion connected devices in use worldwide. That number is set to rise significantly as consumer goods companies, auto manufacturers, healthcare providers, and other businesses continue to invest in connected devices.

The Internet of Things report is partly based on input from the leading technologists and academics, industry representatives, consumer advocates and others who participated in the FTC’s Internet of Things workshop held in Washington D.C. on Nov. 19, 2013, as well as public comments to the FTC.

The FTC works to prevent fraudulent, deceptive, and unfair business practices. The Internet of Things report is available at http://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf.

ESR SOC 2 Report for Privacy & Security on Internet

The Employment Screening Resources® (ESR) SOC 2 audit report ensures ESR meets standards set by the American Institute of Certified Public Accountants (AICPA) to protect the security, confidentiality, and privacy of consumer data. To learn more, visit http://www.esrcheck.com/SOC-2/.