FTC seeks extensive information from firms being investigated for P2P breaches
Firms asked to submit technology, process-related information dating back to 2007
Computerworld - Several companies being investigated by the Federal Trade Commission for inadvertently exposing customer and employee data on peer-to-peer (P2P) networks, have been asked by the agency to submit extensive information on their data-collection, usage and protection practices.
A redacted copy of a request for such information, which the FTC sent to a company that's under investigation, was obtained by Computerworld. It showed the agency is seeking information, dating back to mid-2007, on a wide-range of technology and process-related topics.
For instance, the FTC is asking for detailed information on the types of personal information being collected by the company, the purpose for which it is being used, and how the data is collected, shared and stored.
The letter seeks "detailed descriptions" on how the company compiles, maintains and stores personal information, as well as "high-level diagrams setting out the flow paths" of personal information from source to the point of use.
The company is also required to identify by name, location and operating system every computer that is used to collect and store personal information. In addition, it is required to provide a "narrative" or a blueprint that describes network components in minute detail, down to individual firewalls and routers, and even database tables and field names containing personal data.
The FTC is also requiring any information the company has about its knowledge of the data leaks. The details sought include who knew about the breaches, when, what attempts the company made to inform affected individuals, and why P2P software was allowed to be installed on a company system.
The FTC's 12-page Civil Investigative Demand (CID) letter, which Computerworld viewed, is essentially a federal subpoena that signals the start of a full-fledged federal investigation of a company.
Earlier this week, the FTC announced that it had launched "non-public" investigations against an undisclosed number of companies after discovering they had leaked sensitive personal information on P2P networks.
The companies were targeted for the investigation following a broad FTC probe, during which the agency discovered confidential data from scores of companies available publicly on file-sharing networks.
The data discovered by the FTC included health-related information, financial records, driver's license and Social Security numbers, and other sensitive information belonging to customers and employees at many companies.
In addition to the formal investigations against several companies, the FTC said it had also sent out letters notifying about 100 other companies regarding sensitive and confidential data from their networks being found on publicly available P2P networks.
The notification letters urged the targeted companies to review their security controls and warned them that the data leaks could be putting them in violation of laws enforced by the FTC.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!