FTC Finalizes Settlement with Technology Company Whose Allegedly Lax Information Security Policies Resulted in Data Breach
On January 6, 2020, the FTC finalized a settlement with a technology company for alleged violations of the FTC Act, including its failure to implement reasonable information security safeguards, allowing a hacker to access personally identifying information for more than a million consumers. WBK previously reported the proposed settlement here.
The finalized settlement incorporates the substantive terms of the proposed settlement, and requires the company to cease collecting, selling, sharing, or storing personal information until it implements a comprehensive information security program. The company also must participate in third-party assessments of its security policies and procedures, submit annual certifications, and meet other reporting, monitoring, and recordkeeping requirements related to its information security programs.