FTC Recommends Greater Transparency, Better Recordkeeping and Further Streamlining of Mobile Security Practices

Yaron Dori is quoted by The Cybersecurity Law Report in an article regarding the FTC's report, “Mobile Security Updates: Understanding the Issues." “The FTC has long been interested in data security and the extent to which consumer data—especially personally identifiable or sensitive consumer data—is protected from unauthorized disclosure,” say Dori.

Dori calls the recommendation for minimum guaranteed support periods “interesting,” noting that “it is difficult to predict whether and to what extent certain types of devices – especially those that are novel or uniquely innovative—will be embraced by consumers and succeed commercially. As a consequence, it may be difficult for device manufacturers to make guarantees at the outset about the period of time they will support all types of devices.”

According to Dori, “The FTC is not shy about exercising its enforcement authority." Its reports “can be helpful both in setting a baseline for compliance activities and to understand which issues may be on the FTC's mind. It is always possible that companies whose practices do not align with the FTC's thinking may be subject to an inquiry and potentially an enforcement action.” They add that the FTC’s observations regarding mobile security updates are not altogether surprising, pointing out that “most sophisticated organizations today already take steps to ensure that devices that connect to their network or that are used by their employees contain appropriate security safeguards,” including “policies, procedures, and training programs to ensure that their employees take adequate precautions to minimize the risk that their devices will create a security risk.” However, “it always is helpful to understand how the FTC is thinking about an issue, as it helps those of us who advise clients in the space on their security and compliance activities,” concludes Dori.