We’ve all been hearing the whispers that the FTC is getting more serious about ransomware and data breaches. There have been a few select examples that point to a heightened sense of proactive reprimands by the FTC. And yet, many breaches pass by without the FTC paying particular notice.
This was not the case with the alcohol beverage delivery company Drizly. In a rare decision, the FTC chose to single out Drizly CEO James Cory Rellas for data security abuse.
The FTC announced plans to bring individual sanctions against Drizly’s CEO for data privacy abuses. This action follows allegations that Drizly’s security failures resulted in a recent data breach that exposed the personal information of 2.5 million customers.
This is a rather unusual move by the FTC but marks a promised move towards more stringent consequences for companies that do not comply with security regulations and data breach protocols.
All companies are wondering the same thing: what’s the effect on the company? What does Drizly have to do per the FTC?
The FTC order requires the Drizly CEO to implement a security program not only at Drizly—but at any future company he runs. This is an interesting move by the FTC, considering that Drizly is now a subsidiary of Uber.
The FTC terms require Drizly to destroy unnecessary data, implement new data controls, and train employees about cybersecurity.
In an interesting move singling out CEO Rellas, the FTC marks its desire to address privacy abuses and bring more stringent oversight of the tech industry.
The Drizly breach and FTC order over Drizly and CEO Rellas are intended as a lesson for business leaders. The FTC plans to continue to use data privacy orders, like the one issued to Drizly, to hold companies accountable when they abuse or misuse customer data. Companies should also understand the ramifications of repeat offenders.
For customers, this is good news. For businesses doing it the right way, this is also good news. If your business is not taking cybersecurity protocols seriously—beware. The FTC is getting more vigilant.
At PK Tech, we do it the ‘right way.’ No matter your industry and regulations, we work with your business to ensure you are compliant and protected against potential data breaches. Not only does a data breach put you at risk for non-compliance under the FTC, but you also risk customer data and buyer loyalty — sometimes a grave ending for a business.
If you are interested in taking your IT security to the next level in 2023, get in touch with the PK Tech team here.