The Federal Trade Commission announced a settlement with Ceridian Corporation and Lookout Services, Inc., concerning the security and privacy of individuals’ data:
Two companies that maintain large amounts of sensitive information about the employees of their business customers, including Social Security numbers, have agreed to settle Federal Trade Commission charges that they failed to employ reasonable and appropriate security measures to protect the data, in violation of federal law. Among other things, the settlement orders require the companies to implement comprehensive information security programs and to obtain independent audits of the programs every other year.
The settlements with Ceridian Corporation and Lookout Services, Inc. are part of the FTC’s ongoing efforts to ensure that companies secure the sensitive consumer information they maintain. In complaints filed against the companies, the FTC charged that both Ceridian and Lookout claimed they would take reasonable measures to secure the consumer data they maintained, including Social Security numbers, but failed to do so. These flaws were exposed when security breaches at both companies put the personal information of thousands of consumers at risk. The FTC challenged the companies’ security practices as unfair and deceptive. […]
The settlement orders bar misrepresentations, including misleading claims about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. They require the companies to implement a comprehensive information security program and to obtain independent, third party security audits every other year for 20 years.
The FTC will publish a description of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through June 2, after which the Commission will decide whether to make them final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted using the following web links: https://ftcpublic.commentworks.com/ftc/lookout and https://ftcpublic.commentworks.com/ftc/ceridian and following the instructions on the web-based form.
Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.