Companies Forced to Live up to Security Promises
The Federal Trade Commission has recently settled a lawsuit against ValueClick amounting to 2.9 million dollars. ValueClick was found guilty of making email and advertising claims that were deceptive and misleading. The company was also found guilty of violating its own privacy policy, which promises, according to DarkReading, to protect customer data and implement “reasonable security measures.” ValueClick’s privacy policy promises encryption but the company failed to provide data entryption and did not fix reported vulnerabilities to SQL injection attacks.
The FTA decision in the ValueClick case opens the door for enterprises to be held responsible for negligence and for failing to implement the required security measures to achieve the user data protection they promise.
“The FTC ruling sends a powerful message to the business community,” says Scott Kamber, a partner at Kamber Edelson LLC, a legal firm that specializes in cyber security law.
“In the past, companies that failed to protect customer data have argued that they are immune from prosecution unless consumers can directly prove that they suffered harm from the breach of their personal information,” Kamber explains. “Given that hackers are generally pretty good at covering their tracks, this argument — if accepted — would mean that few companies would have to account for their negligence.”
With the ValueClick settlement, Kamber says, “the FTC has made clear that common sense will prevail over technical legal arguments, at least when it comes to governmental sanctions. We believe the FTC’s ruling will help with the current cases we are prosecuting, as well as future ones we are contemplating.”
With laws imposing clear requirement for companies, they will no longer be able to hide behind vague security claims and data loss prevention will become a major concern for all those dealing with private records. Hopefully, these laws, supported by international standards, will help prevent fraud, data loss and theft and other types of security breaches.
