
On August 30, 2024, the Federal Trade Commission (FTC) released a proposed order against the security camera firm Verkada, requiring the company to develop and implement a comprehensive information security program. This action followed allegations that Verkada’s inadequate security practices allowed a hacker to gain access to customers’ security cameras. The proposed order must be approved by a federal judge before it can go into effect.

Key Points

  • Verkada will be required to pay a $2.95 million fine for violating the CAN-SPAM Act, marking the largest penalty the FTC has ever imposed for such a violation. This penalty addresses allegations that Verkada flooded customers with commercial emails without proper unsubscribe options;
  • The company is also required to create and enforce a comprehensive information security program to address data security failures. This includes third-party audits to ensure compliance;
  • The FTC’s complaint, filed by the Department of Justice (DOJ), alleges that Verkada’s inadequate security practices allowed a hacker to access sensitive video footage from its security cameras. This breach affected data from psychiatric hospitals and women’s health clinics;
  • Verkada is accused of failing to implement basic security measures such as unique passwords, data encryption, and secure network controls;
  • Verkada is charged with misleading consumers about its adherence to data protection standards including HIPAA and the EU-U.S. and Swiss-U.S. Privacy Shield frameworks;
  • The company is also accused of misleading consumers by not disclosing that some positive online reviews of its products were written by its employees and a venture capital investor;
  • The proposed order will prohibit Verkada from making false claims about its privacy and data security practices. It will also enforce compliance with the CAN-SPAM Act and require regular third-party audits of its security practices.

Implications for Businesses

The FTC’s action highlights the need to regularly review and update your data security practices to ensure they comply with best practices and regulatory requirements. Businesses are advised to assess their current security and marketing practices to confirm that they adhere to current regulations.

NEED HELP WITH PRIVACY LAW COMPLIANCE?

The CommLaw Group Can Help!

If your company has questions about its data privacy obligations under state and federal laws or would like to reassess its data collection and processing practices for compliance with state regulation, please contact us:

Linda McReynolds – Tel: 703-714-1318 / E-mail: lgm@commlawgroup.com
Diana James – Tel: 703-663-6757 / E-mail: daj@commlawgroup.com
