FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Meena Harris writes:

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information. The FTC specifically alleged that, although the companies made security promises to consumers that their information was adequately stored and transmitted, both failed to reasonably secure mobile apps, leaving personal data such as credit-card information and Social Security numbers at risk for interception by third parties. In particular, among other claims, the FTC charged the companies with disabling Secure Sockets Layer (“SSL”) encryption, a default security process intended to protect consumers’ information by verifying the security of app communications and ensuring that an attacker cannot access any data sent or received.

Read more on Covington & Burling InsidePrivacy.

About the author: Dissent