TYPICAL FTC ACTION: VALUECLICK CASE

摘要

The FTC's recent $2.9 million settlement with ValueClick, an integrated online marketing services firm, offers a good example of the types of data security-related missteps the agency prosecutes. The FTC said that ValueClick and its subsidiaries, Hi-Speed Media and E-Babylon, not only violated federal law with deceptive advertising and emails, but also "failed to secure consumers' sensitive financial information, despite their claims to do so." In addition, the FTC charged the three companies with misrepresenting the security measures they'd put in place to safeguard customers' sensitive financial information. Notably, the FTC said the companies published online privacy policies claiming they encrypted customer information, but either didn't actually encrypt the information at all or used non-standard forms of encryption. Also notable was the FTC's charge that several of the companies' websites were vulnerable to SQL injection attacks, despite the fact that the companies claimed they implemented reasonable security measures.