Last month, the Federal Trade Commission announced that ASUSTeK Computer, Inc. has agreed to settle charges of “unfair and deceptive” practices related to the security of its products. ASUS is a Taiwanese company that manufactures and sells routers and related software and services for consumer use. The charges arose from vulnerabilities in ASUS’s routers and its “cloud” services (“AiCloud” and “AiDisk”), which allow consumers access to their stored data through their routers from any of their devices. The FTC alleged that security failures and misrepresentations made by ASUS violated Section 5(a) of the FTC Act, which prohibits unfair and deceptive acts or practices in or affecting commerce. Similar to other FTC data privacy settlements, the order will be in place for 20 years and requires ASUS to establish, implement, and maintain a comprehensive security program and obtain initial and biennial third party assessments to assess the implementation of these security controls.