The FTC recently recapped its 2017 enforcement actions, workshops and other guidance, and provided information on best privacy and data security measures for companies, big and small. It addressed issues such as IoT devices, payment systems, artificial intelligence and blockchain technologies. In this second article of our two-part series, legal and technical experts distill valuable lessons from the agency’s 2017 workshops and guidance and discuss what to expect from the FTC in 2018. In the first part, we examined 2017 enforcement highlights and steps companies can take to comply with applicable laws and steer clear of the FTC’s reach. See also “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017).