The FTC recently announced a settlement with a company over its allegedly lax security practices. According to the FTC, TRENDnet markets web video cameras for various uses including home security, and in its advertising stated that the cameras were "secure" devices. Such security claims included express statements as well as images of padlocks. According to the FTC complaint, however, TRENDnet failed to use reasonable security measures on its software, which resulted in some users' private videos being publically viewable and listened to online. This included transmitting user login credentials over the Internet in clear, readable text; storing those credentials on users' mobile devices in clear text; and failing to test the sufficiency of its security measures. The FTC settlement, among other things, prohibits TRENDnet from misrepresenting to consumers the security of its devices, requires it to create and follow a comprehensive security program and test and ensure the levels of protection of the program it adopts, and to get biennial, independent assessments of its security measures. The consent agreement is open to public comment until October 4, 2013.
Tip: This case serves as a reminder that the FTC views –and will enforce- as an unfair act measures which it believes provide inadequate security measures for consumer information. Companies can limit exposure by examining their security practices, and evaluating if they will help avoid potential exposure of consumer information.