The recent appeals court ruling that allows the Federal Trade Commission to punish firms whose data management systems have been breached by hackers underscores the need for companies to undergo rigorous audits of data security compliance standards and practices.
“This is very much like punishing a bank for being robbed,” said Eric Ratcliffe, Director at 360 Advanced, a national, multi-service, licensed Certified Public Accountant (CPA) and Qualified Security Assessor (QSA) firm that specializes in integrated compliance solutions for service providers. “Instead, the federal government should be doing all it can to help firms protect themselves against hacking.”
Ratcliffe said the recent ruling by the U.S. Third District Court of Appeals affirming the FTC’s right to take punitive measures against firms victimized by hackers will have companies scrambling to make sure their data security compliance audits are current – as well as those of their third-party data management vendors.
The appeals court ruled that the Federal Trade Commission has the authority to sue Wyndham Hotels for allowing hackers to steal more than 600,000 customers’ data from its computer systems in 2008 and 2009, leading to more than $10 million in fraudulent charges.