Business records management and vendor data transfer

by on July 6, 2009 · 0 Comment POSTED IN: HR Info Center

Your business records management plan needs to factor in data security by your vendors as well

The FTC expects companies to take steps to make sure that their vendors are protecting their data. One particular example includes contractual obligations about business records management and data security provisions in your vendor contracts.

FTC’s viewpoint is on business records management best practice is important is because the FTC has really taken the role of privacy watchdog here in the US.

The FTC has the authority to bring claims for unfair or deceptive trade practices, which is very, very broad just like it sounds. They have used that authority to bring claims against companies that have had inadequate data security practices.

Usually these claims have risen under the sort of deceptive clause of the FTC’s authority. The idea being that a company made promises to the public regarding business records management that it had great data security and actually had terrible data security and therefore deceived the public by making the promises.

A great example of this comes from a January 2008 FTC decision and consent decree. . The consent decree was entered into with an online retailer called Life is Good Inc.

The allegations were that that Life Is Good, Inc. had a privacy policy, assuring it’s costumer that it secured credit data that was submitted online. But in the FTC’s view, they actually did not take adequate measures to protect the data security and some identity theft occurred as a result.

So, entered into a 20 year Consent decree with the FTC at which it promised to do better with the security aspect of its business records management policy and data security practice and to follow certain rules. And so, that’s the idea that there’s a promise made to the public and the company doesn’t live up to it. It will be prosecuted.

Edited remarks from the Rapid Learning Institute webinar: “Identity Theft: What HR Can Do To Protect Sensitive Employee Data” by Christine E. Lyon, Esq.

Leave a Reply


Request a Free Demo

We'd love to show you how this industry-leading training system can help you develop your team. Please fill out this quick form or give us a call at 877-792-2172 to schedule your one-on-one demo with a Rapid Learning Specialist.