RT @confinservlaw: I'm hearing rumblings that May 8th is the day we've been anxiously awaiting for proposed debt collection rules.
#wineandcheese #omgfunwithsd https://t.co/lYdiWOSLkt
A recent settlement by the FTC with the manufacturer of computer routers serves as a reminder to all that in the growing Internet of Things, it is critical for companies to have effective security measures in place to protect consumer’s private data. The FTC’s latest proposed consent order targets Taiwan-based computer hardware maker ASUSTek Computer, Inc. (“ASUS”). ASUS manufactures and sells home routers and related software and services for consumer use. ASUS’s routers include software features that allow consumers to access and share files via a wireless connection through their routers. The FTC complaint contends that ASUS routers are prone to multiple vulnerabilities and that critical security flaws within the router’s software “put the home networks of hundreds of thousands of consumers at risk.” FTC Press Release: ASUS Settles FTC Charges that Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy at Risk (Feb. 23, 2016).
With no admission of liability, the parties have agreed to a consent order which requires ASUS to adopt a comprehensive security program subject to independent audits for the next twenty years. Here are the key takeaways:
The Consent Order should be reviewed by all companies involved in the Internet of Things as a risk management tool.
ASUS to fully and accurately make disclosures to consumers regarding the extent to which the company or its products or services maintain:
ASUS to develop and maintain a comprehensive written security program (“WISP”) reasonably designed to address security risks related to the development and management of their devices and to protect the privacy, security, confidentiality and integrity of consumer information. The WISP should, among other things:
Caren Enloe is a partner who concentrates her practice in consumer financial services litigation and compliance, bankruptcy, and commercial litigation with an emphasis on creditor’s rights. She has a deep understanding of the complex compliance environment surrounding the financial services industry and regularly advises financial service companies on licensing and compliance issues involving state and federal consumer protection and finance statutes. Caren is the author of a daily blog titled: Consumer Financial Services Litigation and Compliance where she posts timely and informative updates regarding the CFPB, FTC, and a host of topical litigation issues involving consumer protection law....LEARN MORE