The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.”  Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses.”  The new Initiative is part of Acting Chairman Ohlhausen’s pledge earlier this year to be more transparent with businesses about what the FTC considers to constitute reasonable data security practices.

The first blog post in the series focuses on “recurring themes that run through the investigations that are ultimately closed without law enforcement.”  The post notes that those companies’ practices often line up with those recommended in the Start With Security guide, that press reports do not always report the full story of an incident, that proceeding further with the investigation “wouldn’t be a good use of resources,” that the FTC may not be the “right agency” to investigate the incident, or that “the risk of the vulnerability being exploited to cause consumer injury is more theoretical than likely.”