The Chairman of the Federal Trade
Commission (FTC) warned
that the agency will begin prosecuting companies that divulge private consumer
information as a result of security glitches. Chairman Timothy Muris, speaking
on June 11, 2002 at the Networked Economy Summit sponsored by George Mason
University in Reston, VA, said
that he expects more actions against companies, particularly if the release was
the result of poor security practices.
In January 2002 the FTC announced
a settlement with Eli Lilly and Co. resulting from the company’s inadvertent
release of some 700 customer addresses caused by e-mails sent to subscribers of
Prozac Web site updates which included all the addresses in the "To"
field of the message.
Muris said that when made aware of security breaches, the FTC will
investigate and try to answer two questions: Did the company have a system in
place that was appropriate for the sensitivity of the information? And did it
follow its own procedures? Under the settlement with Eli Lilly, the company was
required to upgrade its information security practices and conduct an annual
security review. Prior to the Eli Lilly settlement, the FTC did not concern itself
with non-wilful disclosures of information.
Why This Matters: Chairman
Muris’ warning is clear -- the FTC intends to move aggressively in prosecuting
companies even for inadvertent security glitches that divulge consumer
information. Companies are, thus, well advised to review their security
procedures or find themselves on the wrong end of a costly FTC investigation.
This article originally appeared in ADLAW By Request, a publication of Hall Dickler Kent Goldstein & Wood LLP.
The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.