In its recently released Privacy & Data Security Update, the FTC recapped its 2017 privacy and data security enforcement actions, advocacy, workshops and guidance, providing valuable information about steps companies can take to ensure their privacy and data security measures are up-to-snuff. In this first part of our article series covering lessons from the Update, we examine, with expert insight, enforcement highlights – from financial services actions to general privacy cases – and what these actions tell us about steps companies should take to comply with applicable laws and steer clear of the FTC’s reach. Part two will cover what can be learned from the FTC’s 2017 workshops and guidance and shed light on what to expect from the agency in 2018. See also “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017).