• |

Nov. 2, 2016

Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part Two of Two)

  • Jill Abitbol
    Cybersecurity Law Report
Many companies are still wondering how to develop and implement a data security program that meets the FTC’s reasonableness requirement. “There is a hunger for a checklist,” Kelley Drye partner Alysa Hutnik told the Cybersecurity Law Report. Although not necessarily applicable across the board, the NIST Cybersecurity Framework, along with the FTC’s comments on it and its release of a new breach response guide, serve as useful resources. In this second part of our two-part series on the FTC’s data security expectations in the context of the NIST Cybersecurity Framework, in-house and outside counsel discuss how the Framework’s core functions align with the FTC’s requirements. They also provide steps companies of all types and sizes can take to incorporate these functions into their own security practices. Part one explored the implications of the FTC’s recent communication and detailed three initial steps companies should take to meet the FTC’s reasonableness standard. See also “A Behind-the-Curtains View of FTC Security and Privacy Expectations” (Mar. 16, 2016).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.