August 22, 2019

August 21, 2019

Subscribe to Latest Legal News and Analysis

August 20, 2019

Subscribe to Latest Legal News and Analysis

August 19, 2019

Subscribe to Latest Legal News and Analysis

FTC and D-Link Settle Data Security Dispute

After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices.

As we previously reported, part of the FTC’s 2017 complaint against D-Link was dismissed by the U.S. District Court for the Northern District of California on three counts, including an allegation that D-Link’s failure to take reasonable security steps was an unfair practice under Section 5 of the FTC Act. According to the court, the FTC did not identify instances where consumers’ financial, medical, or other sensitive personal information was accessed, exposed, or misused and therefore did not meet its burden under Section 5 – a significant ruling that could affect the FTC’s authority to bring future claims under Section 5 unless it establishes actual harm. However, the court allowed three of the FTC’s six claims to go forward, including counts involving D-Link’s alleged misrepresentations that its devices provided adequate data security and that its routers and IP cameras were secure against potential hacking.

Under the proposed Order, D-Link must develop, implement, and maintain a comprehensive software security program that is audited by an independent third-party assessor every two years for 10 years. The Order also bars D-Link from selling, distributing, or hosting its IP camera set-up wizard software on its website. The FTC reserved the right to approve a third-party compliance auditor, a measure the agency is now using more routinely in settlement orders.

The FTC filed the proposed settlement with the court on July 2, 2019, to be approved and signed by a district court judge.

© 2019 Keller and Heckman LLP

TRENDING LEGAL ANALYSIS


About this Author

Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney
Partner

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies,...

202-434-4646
Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and commercial e-mail messages, contests and sweepstakes, endorsements and testimonials, marketing to children, and data breach notification. Ms. Marshall also helps clients establish best practices for collecting, storing, sharing, and disposing of data, and manage outsourcing arrangements and transborder data flows. In addition, she assists with drafting and implementing internal privacy, data security, and breach notification policies, as well as public privacy policies and website terms and conditions.

As to intellectual property matters, Ms. Marshall helps clients protect their copyrights and trademarks through registration, enforcement actions, and licensing agreements.

She also represents clients in proceedings before the Federal Communications Commission and Federal Trade Commission.

Ms. Marshall is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and a contributing author of Beyond Telecom Law Blog and Consumer Protection Connection.

Education: Washington and Lee University (B.A., 1997); American University, Washington College of Law (J.D., 2002).

Admissions: District of Columbia; Maryland

Memberships: American Bar Association

202-434-4234