FTC Approves Order Settling Data Breach Charges

Explore:  Data Breach FTC Settlement

On May 3, the FTC approved a final order settling charges against a California-based cord blood bank firm alleged to have violated the FTC Act by failing to use reasonable and appropriate procedures for handling customers’ personal information, despite its privacy policy claims to the contrary. Further, the FTC alleged that the firm created unnecessary risks to personal information by transporting portable data storage devices containing personal information in a manner that made the information vulnerable to theft, and failed to prevent, detect and investigate unauthorized access to computer networks. According to the FTC, these practices resulted in a data breach in which certain portable devices were stolen from an employee’s personal vehicle and the personal information of nearly 300,000 customers was compromised. The settlement requires the company to establish a comprehensive information security program and submit to security audits by independent auditors every other year for 20 years, and prohibits the company from misrepresenting the privacy and security of information collected from consumers.


Topics:  Data Breach, FTC, Settlement

Published In: Antitrust & Trade Regulation Updates, Consumer Protection Updates, Health Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »