The FTC has announced settlements with both Ceridian Corporation and Lookout Services, Inc., which the FTC charged with committing unfair and deceptive trade practices. According to the FTC, Ceridian and Lookout claimed they would take reasonable measures to secure the sensitive consumer data they maintained, but failed to do so. The FTC appears to have become aware of security inadequacies after both companies experienced data breaches that affected tens of thousands of consumers.

The security problems cited by the FTC included the indefinite retention of sensitive data in readable text without a business need, the failure to require strong user passwords that are periodically changed, and the failure to provide adequate employee training.

The settlement orders prohibit misrepresentations about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. They further require the companies to implement a comprehensive information security program and to obtain independent, third party security audits every other year for 20 years.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

As part of her practice, she also regularly represents clients in strategic transactions involving personal data and cybersecurity risk. She advises companies from all sectors on compliance with laws governing the handling of health-related data. Libbie is recognized as an Up and Coming lawyer in Chambers USA, Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”