Les Jones

E-commerce > FTC Chairman: "inadequate data security can be an unfair business practice"

From InternetNews via a colleague.

Testifying before a Senate panel investigating possible national legislation aimed at better data protection and a national data breach disclosure law, FTC Chairman Deborah Majoris said BJ's Wholesale Club agreed to settle FTC charges that it failed to take adequate measures to protect consumers' personal information.

"For the first time we allege that inadequate data security can be an unfair business practice," Majoris told a Senate panel. "This action should provide clear notice to the business community to establish and maintain reasonable affirmative security measures."

The settlement requires BJ's, which operates 150 warehouse stores and 78 gas stations in 16 states, to implement a comprehensive information security program while submitting to third-party security audits every other year for 20 years.

According to the FTC complaint, BJ's failed to encrypt consumer information when it was transmitted or stored on the company's computers and created unnecessary risks by storing the data even when it no longer needed the information.