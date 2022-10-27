Despite many data privacy enforcement actions being launched against larger tech companies, the Federal Trade Commission recently took action against Drizly and its CEO for a data breach in 2018 (pre-Uber acquisition). Drizly is an online platform for ordering alcohol delivery.

In its complaint, the FTC cited Drizly and its CEO's failure to implement basic security measures - including proper storage and monitoring for threats. Drizly, its CEO, and the FTC agreed to a consent order requiring Drizly to destroy unnecessary data, limit its future collection, and create a data security program.

The important takeaways here are:

The FTC may start enforcing against start-ups and other small companies;

The corporate veil may not always shield CEOs and other officers from the FTC's (or any other regulator's) wrath; and

The privacy and security work that a company does early, while it may take a few dollars from marketing in the near term, will pay incredible dividends later on by avoiding litigation with the FTC, or being sued by private citizens if there is a data breach - the cost of which is higher than ever before.

"The global average cost of a data breach has reached an all-time high of $4.35 million."

