The FTC has announced settlements with both Ceridian Corporation and Lookout Services, Inc., which the FTC charged with committing unfair and deceptive trade practices. According to the FTC, Ceridian and Lookout claimed they would take reasonable measures to secure the sensitive consumer data they maintained, but failed to do so. The FTC appears to have become aware of security inadequacies after both companies experienced data breaches that affected tens of thousands of consumers.

The security problems cited by the FTC included the indefinite retention of sensitive data in readable text without a business need, the failure to require strong user passwords that are periodically changed, and the failure to provide adequate employee training.

The settlement orders prohibit misrepresentations about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. They further require the companies to implement a comprehensive information security program and to obtain independent, third party security audits every other year for 20 years.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”