Latest FTC Data Privacy Settlement May Signal More Direct Approach to Regulating Data Security
November 20, 2019
On Tuesday, November 12, 2019, the U.S. Federal Trade Commission announced a proposed settlement with InfoTrax Systems, L.C., a third-party service provider, regarding multiple data security failures.
As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network. This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider. The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.