Legal Library: Cases and Proceedings

Blackbaud, Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the FTC over charges that the company’s lax security allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.

The FTC  charged Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.

X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle FTC allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.

The FTC alleged that Global Tel*Link Corp. and two of its subsidiaries failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.

The FTC alleged that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.

The FTC is sending payments totaling more than $370,000 to consumers who were harmed by the data security failures of online merchandise platform CafePress.

The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.

The FTC taking action against education technology provider Chegg Inc. for its lax data security practices that exposed sensitive information about millions of its customers and employees, including Social Security numbers, email addresses and passwords.

The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.