A Legal Guide to PRIVACY AND DATA SECURITY 2024

In re Choicepoint (2006) . A database owner and data broker, agreed to pay $15 million to settle charges filed by the FTC for failing to adequately protect the data of millions of consumers. Choicepoint had failed to exercise proper credentialing procedures that resulted in fraudulent access of personal information and identity theft by those accessing the information. (FTC File No. 052-3069). In re Microsoft Corp. (2002) . (FTC File No. 0123240, M03) and In re Guess.com Inc. (2003) . (FTC File No. 0223260). In both of these actions, the FTC claimed that the companies misrepresented security protections on their websites and failed to provide even the most basic data security safeguards. No data was actually lost in either of these cases and there was no data breach. Still, the promise or misrepresentation of data security was sufficient for the FTC to take action. Neither Microsoft nor Guess paid a fine but they were required to establish extensive written security programs and remain open to privacy audits for 20 years. In re HireRight Solutions, Inc. (2012) (FTC File No. 102- 3130) (FTC File No. 102- 3130) Employment background checking company providing “consumer reports” failed to use reasonable procedures to assure the maximum possible accuracy of the information, failed to give consumers copies of the reports, and failed to investigate consumer disputes. It agreed to pay $2.6 million for FCRA violations in addition to other corrective actions. On December 17, 2015, LifeLock, Inc. agreed to pay $113 million to settle charges made by the FTC that the company had failed to create and maintain a comprehensive information security program to protect customers’ personal data, including social security and bank account information. This was largest monetary award obtained by the FTC in an order enforcement action. Challenging FTC Jurisdiction in Data Security Actions. Does the FTC have the authority to regulate and impose data security standards on private businesses under the FTC Act?

29

Made with FlippingBook - Online Brochure Maker