October 28, 2022

FTC Settles with Online Alcohol Company Drizly Following Data Breach

Lori Kalani, Bernard Nash

Cozen O'Connor

+ Follow Contact

Facebook

Send

Embed

Cozen O'Connor

The FTC has settled with online alcohol vendor Drizly, LLC and its CEO James Rellas (collectively, “Drizly”), to resolve allegations that Drizly violated the FTC Act by failing to employ reasonable security practices to protect consumers’ personal information and by making false and misleading statements that appropriate safeguards were used to protect that information.
According to the Complaint, Drizly failed to develop adequate written information standards and policies; stored login credentials in a nonsecure repository; and failed to impose reasonable data access controls, monitor for unauthorized attempts to transfer or exfiltrate consumers’ personal information, engage in regular testing and risk assessments, or have a policy in place for inventorying and deleting consumers’ personal information that was no longer necessary. The company also made misleading statements concerning its information security practices in, among other places, its Privacy Policy. In 2020, a production environment data breach resulted in the exfiltration of information relating to 2.5 million Drizly consumers.
Under the FTC’s Decision and Order, Drizly must cease any misrepresentation of its data collection and security programs; delete any personal consumer information not needed to conduct business; publish a data retention schedule; and maintain a comprehensive information security program, among other things. Further, Mr. Rellas, as an individual, must maintain a suitable information security program for any business for which he is a majority owner or senior officer.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Cozen O'Connor

Contact + Follow

Lori Kalani

+ Follow

Bernard Nash

+ Follow

less

Published In:

Consumer Privacy Rights

+ Follow

Data Breach

+ Follow

Data Collection

+ Follow

Federal Trade Commission (FTC)

+ Follow

FTC Act

+ Follow

Misleading Statements

+ Follow

Consumer Protection

+ Follow

Privacy

+ Follow

less

Cozen O'Connor on:

FTC Settles with Online Alcohol Company Drizly Following Data Breach

Related Posts

Written by:

Published In:

Cozen O'Connor on:

"My best business intelligence, in one easy email…"