FTC v. Marriott (2024)

12/11/2024 20 min

Episode Synopsis

In this episode, I dive into the FTC's enforcement action against Marriott, issued on October 9, 2024.
Below are my key takeaways from this enforcement action:

- Due Diligence for Mergers: Ensure thorough due diligence on data security when acquiring a new company.
- Implement Reasonable Data Security Policies: Companies should adopt security measures addressing common vulnerabilities across their assets.
  - Start with a security framework or, if budget allows, hire a third-party assessor to evaluate internal systems for vulnerabilities.
  - Flag systems storing sensitive information to enforce and maintain robust security protocols.
- Accurate Privacy Policy Representation: Make sure your privacy policy aligns with actual security practices.
  - Avoid using absolute terms like “industry standard” or “the best.”
  - Instead, provide a realistic overview of security practices without overpromising.