FTC finalizes settlement with movie subscription service
On October 5, the FTC finalized a settlement with the operators of a movie subscription service, resolving allegations that the respondents violated the FTC Act by denying subscribers access to paid-for services and failed to secure subscribers’ personal information. As previously covered by InfoBytes, in June the FTC filed a complaint alleging the respondents, among other things, employed multiple tactics to prevent subscribers from using the advertised services, and failed to disclose all material terms before obtaining consumers’ billing information or obtain consumers’ express informed consent before charging them. The FTC further alleged that the respondents failed to take reasonable measures to protect subscribers’ personal information, including by storing personal data in unencrypted form and failing to restrict who could access the data, which led to a data breach in 2019. In a 4-1 vote, the FTC approved the settlement, which prohibits the respondents from misrepresenting their business and data security practices and requires the establishment of a comprehensive information security program. The respondents must also implement and annually test and monitor safeguards, take steps to address security risks, obtain biennial third-party information security assessments, notify the FTC of any future data breaches, and annually certify that they are complying with the order’s data security requirements. The FTC noted respondents may face monetary penalties of up to $43,792 per violation, per day, should they violate the terms of the order.