The operator of a rewards website that was hacked in 2016 must have an outside company assess his websites’ information security programs if the websites collect personal data, under a settlement with the Federal Trade Commission.
The final settlement, announced July 2, with ClixSense.com operator James V. Grago Jr. highlights the new direction the FTC is taking in its data security orders, specifically requiring third-party assessments of data security and requiring senior officers to give annual certifications of compliance.
Grago must put in place a comprehensive information security program if any company he controls collects or maintains personal information. ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.