FTC seeks extensive information from firms being investigated for P2P breaches
Firms asked to submit technology, process-related information dating back to 2007
Computerworld - Several companies being investigated by the Federal Trade Commission for inadvertently exposing customer and employee data on peer-to-peer (P2P) networks, have been asked by the agency to submit extensive information on their data-collection, usage and protection practices.
A redacted copy of a request for such information, which the FTC sent to a company that's under investigation, was obtained by Computerworld. It showed the agency is seeking information, dating back to mid-2007, on a wide-range of technology and process-related topics.
For instance, the FTC is asking for detailed information on the types of personal information being collected by the company, the purpose for which it is being used, and how the data is collected, shared and stored.
The letter seeks "detailed descriptions" on how the company compiles, maintains and stores personal information, as well as "high-level diagrams setting out the flow paths" of personal information from source to the point of use.
The company is also required to identify by name, location and operating system every computer that is used to collect and store personal information. In addition, it is required to provide a "narrative" or a blueprint that describes network components in minute detail, down to individual firewalls and routers, and even database tables and field names containing personal data.
The FTC is also requiring any information the company has about its knowledge of the data leaks. The details sought include who knew about the breaches, when, what attempts the company made to inform affected individuals, and why P2P software was allowed to be installed on a company system.
The FTC's 12-page Civil Investigative Demand (CID) letter, which Computerworld viewed, is essentially a federal subpoena that signals the start of a full-fledged federal investigation of a company.
Earlier this week, the FTC announced that it had launched "non-public" investigations against an undisclosed number of companies after discovering they had leaked sensitive personal information on P2P networks.
The companies were targeted for the investigation following a broad FTC probe, during which the agency discovered confidential data from scores of companies available publicly on file-sharing networks.
The data discovered by the FTC included health-related information, financial records, driver's license and Social Security numbers, and other sensitive information belonging to customers and employees at many companies.
In addition to the formal investigations against several companies, the FTC said it had also sent out letters notifying about 100 other companies regarding sensitive and confidential data from their networks being found on publicly available P2P networks.
The notification letters urged the targeted companies to review their security controls and warned them that the data leaks could be putting them in violation of laws enforced by the FTC.
- 3 privacy violations you shouldn't worry about
- U.S. commercial drone industry struggles to take off
- Snowden leaks erode trust in Internet companies, government
- NSA phone metadata collection program renewed for 90 days
- NSA isn't evil, says noted civil libertarian
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic
- Path Selection Infographic
- Hyperconvergence Infographic
- A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era
- From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs
- If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity... All Government IT White Papers
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- All Government IT Webcasts