FTC Enforcement–Consumer Data Security

This report was originally published by Davis & Gilbert


Below is a Davis & Gilbert Advertising, Marketing & Promotions Alert written by Alison Fitzpatrick, Partner, Vivian Byrwa, Associate, and Samantha G. Rothaus, Associate, discussing the Federal Trade Commission’s (FTC) recently announced settlements with operators of two websites, i-Dressup and ClixSense, claiming that the sites failed to take reasonable steps to protect consumer data, which resulted in the sites being accessed by hackers.

The security of consumer data is an important priority for the FTC and has become even more important in recent years, particularly when such data is subject to attacks by malicious third parties. The FTC emphasized that both settlements contained “new requirements” going beyond requirements from previous data security orders.

Perhaps even more importantly, the FTC’s statement indicated that the agency has instructed staff to closely review its orders to determine whether they can be strengthened and improved, “particularly in the areas of privacy and data security” and particularly with respect to “data security assessments of companies by third parties.” This suggests that the FTC is likely to continue to bring such actions going forward — and may seek stronger penalties than it has in the past.

Download Davis & Gilbert | Two Websites Settle FTC Allegations that They Failed to Secure Consumer Data