D-Link Systems FTC settlement
Key point
The trend of providing more detailed specifications for how companies should implement information security programs under Section 5 continues. The FTC is also willing to consider accepted industry standards in determining what constitutes appropriate technical security safeguards.
D-Link Systems, Inc., a smart home products manufacturer, reached a settlement agreement in July 2019 with the Federal Trade Commission (FTC). The settlement ends FTC litigation against D-Link stemming from a 2017 complaint in which the agency alleged that, despite claims touting device security, vulnerabilities in the company’s routers and Internet-connected cameras left sensitive consumer information, including live video and audio feeds, exposed to third parties and vulnerable to hackers.
The D-Link settlement is another example of the FTC imposing more specific requirements as part of the comprehensive security programs it mandates to settle claims of alleged failures to provide reasonable security controls (See DealerBuilt: The FTC increases security standard requirements in 2019). In D-Link, the FTC goes even further by:
- requiring D-Link to agree to specific injunctive relief in which it cannot sell, distribute, or host on its website certain software in a particular manner and must provide appropriate notices to consumers…
