Skip Navigation

Genica Reaches Settlement Agreement with FTC

Bookmark and Share

On February 5, 2009 the Federal Trade Commission (FTC) announced that Compgeeks, which operates the web site, and its parent company, Genica Corporation, agreed to settle the FTC charges that it violated federal law by failing to provide reasonable security to protect customer data. 

The FTC complaint alleges that Genica had several security breaches caused by the fact that they stored sensitive information in unencrypted text on their corporate computer network. It also charges that Genica did not properly assess how vulnerable the Web application and network were to security breaches and attacks. 

The proposed settlement bars Genica from making deceptive privacy and data security claims and requires them to implement and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards. It also proposes that the company must obtain, every other year for 10 years, an audit from a qualified, independent, third-party professional to ensure that the security program meets the standards of the order. The proposed settlement also includes standard record-keeping provisions that allow the FTC to monitor company compliance. 

NAID applauds the FTC for demanding consequences for companies involved in data breaches. FTC scrutiny of noncompliant companies has become an increasing trend over the last two years and it is apparent that FTC regulations are getting even tighter. 

Full Article