The Federal Trade Commission sent out letters to approximately 100 organizations, urging them to review their data security practices after discovering that many of those firms’ private files were found on peer-to-peer file sharing websites. The letters notified the recipients that files containing sensitive personal information of their employees or customers were found on P2P file sharing networks, where they could be accessed by those seeking to commit identity theft or fraud. Recipients of the letters included both public and private entities, ranging from local governments to large corporations with thousands of employees. The letters reminded companies that it was their responsibility to ensure that their internal security procedures, included controls over use of internal and external P2P software and other appropriate security measures to protect sensitive data.

TIP: These FTC letters suggest that the agency is continuing its efforts to enforce failures to protect the security of sensitive personal information. FTC enforcement in this area falls under its authority to stop deceptive and unfair practices, with the failure to protect data viewed as an unfair act. Companies should review their security practices, including use of P2P software, to ensure that access to sensitive information is properly restricted.