On February 22, 2010, the Federal Trade Commission issued a news release indicating that it had notified almost 100 organizations that personal data about their customers, students or employees had been shared from their computer networks on peer-to-peer (“P2P”) file sharing sites, thereby exposing the data of affected individuals to possible identity theft and fraud. In its letters, the FTC urged recipient entities to review their internal security procedures and the security procedures of their third party service providers. The letters also recommended that the companies identify affected individuals and consider whether to notify them of the possible risks to their personal information pursuant to applicable state and federal data security breach notification laws. Samples of the FTC’s letters were published with the news release and are available on the FTC’s website.
In addition, to help companies manage security risks related to P2P networks, the FTC published a Guide for Businesses on Peer-to-Peer file sharing and provided a link to a P2P Security Guide for consumers.
Hunton & Williams partner, Lisa J. Sotto, discussed the FTC’s release in USA Today’s Technology Live Blog.