Companies should develop data security plans because they're bound to be subject to data breaches, said Federal Trade Commissioner Julie Brill during a discussion about privacy issues at New York's sprawling Advertising Week event.
Firms should address data privacy and security as two sides of the same coin, she said during a panel hosted by ad industry law firm Davis and Gilbert. "Everyone is going to be subject to a breach," she suggested, referring to companies at risk of data hacks and leaks. "It's just an issue we're going to have to address."
Planning for data security, she added, should be an ongoing process involving risk assessment, who has access to data and data minimization -- meaning limiting the amount of data harvested.
The question of how much data companies should collect is "a conundrum," she said. "You can't ignore issues around data minimization. Collection is going to be important…especially when that information is linkable to individuals," noted the commissioner, who stressed she was speaking for herself rather than on behalf of the FTC.
Lots of companies gather data without any clear reason, simply because they might have use for it down the road. "That's really punting the problem," said Ms. Brill.
The agency has taken a special interest lately in mobile technology and the Internet of Things, a catchall phrase referring to wearable devices and household products that generate data, such as health monitors and Internet-connected thermostats. "We're moving where consumers move," she said.
Emerging Internet of Things products create "lots and lots of deeply personal information and consumers absolutely have to worry about data security," she said.