"This broad standard effectively could enable the Commission to hold individually liable the CEOs of most companies against which we initiate enforcement action." "While I support the complaint against the corporate defendant, I do not support holding the individual defendant, Rellas, liable," she wrote. However, not everyone - and not even all of the regulator's commissioners - agrees that holding CEOs' feet to the fire is the right approach.ĭespite the commission's 4-0 vote in favor of the sanctions, Commissioner Christine Wilson partially dissented, citing the order's inclusion of Rellas. The action is part of the watchdog agency's "aggressive efforts" to protect private data and ensure that "careless CEOs learn from their data security failures," according to the FTC's press release. "In the modern economy, corporate executives sometimes bounce from company to company, notwithstanding blemishes on their track record," Khan and Bedoya noted.įor the next decade, Rellas will be required to implement an IT security program at any company that collects personal data from more than 25,000 people, and where he is a majority owner, CEO, or senior officer with infosec responsibilities. The sanctions will follow Rellas even if he moves on to a different organization. This gave crooks access to Drizly's backend servers to mine cryptocurrency on the machines until the app maker changed its credentials.Īccording to the complaint, Drizly continued to fumble its IT defenses, and in 2020 these shortcomings led to a miscreant stealing a copy of its customer data. While the data snafu occurred in 2020, the FTC's complaint against the biz stated the security failings date back to at least 2018, when a Drizly employee posted on GitHub login details for the company's Amazon cloud computing resources. "We take consumer privacy and security very seriously at Drizly, and are happy to put this 2020 event behind us," a Drizly spokesperson told The Register. 
The FTC will decide to make the proposed order final after a 30-day period in which the public can comment on the sanctions. Additionally, the company and its CEO must put better security controls in place, require employees to use multi-factor authentication, and provide security training for its employees.