The Anatomy of an FTC Data Security Lawsuit
Anne Bolamperti and Patrick X. Fowler of Snell & Wilmer write:
The Federal Trade Commission (“FTC”) has described itself as “Your cop on the privacy beat” and a top federal regulator of consumer-facing data security practices. An example of how the FTC asserts itself when it comes to data security and privacy associated with Internet of Things (“IoT”) devices can be found in the case of Federal Trade Commission v. D-Link Systems Inc., currently pending in federal court in California.
FTC Stance: Poor IoT Security +/or Misleading Ads = Deceptive/Unfair Trade Practice
The D-Link case stems from the FTC’s January 5, 2017 complaint against Taiwanese IoT hardware device manufacturer D-Link Corporation and its U.S. subsidiary D-Link Systems Inc. The FTC seeks to stop D-Link from engaging in allegedly unfair or deceptive acts in violation of Section 5(a) of the Federal Trade Commission Act (“FTC Act”). The FTC claims that the defendants failed to reasonably secure IoT network routers and Internet-accessible cameras that they sold in the U.S. and made deceptive statements about the degree of data security of those products.
Read more on Cybersecurity & Data Law Privacy Blog. There was a recent settlement conference in this case, but it doesn’t seem like there was any settlement and the case is still scheduled to go to trial in June, it seems.