- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
March 7th, 2016
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk. In addition to flagging software security issues, the FTC argued that ASUS (1) falsely advertised its routers would "protect computers from any unauthorized access, hacking, and virus attacks"; (2) ignored warnings from security researchers that the product was not living up to its claims; and (3) failed to promptly notify customers that the product's security features were defective.
In August of 2012, ASUS introduced and began marketing a feature known as AiCloud on its routers. ASUS marketed AiCloud as a "private personal cloud for selective file sharing ... [with] the most complete, accessible and secure cloud platform." But the AiCloud applications had vulnerabilities that allowed attackers to gain unauthorized access to consumers' files and router login credentials. After security professionals and hacking victims notified ASUS about the vulnerabilities ASUS delayed rolling out a security patch, leaving consumers at risk. The FTC argued that ASUS's failure to remedy the security risks and delay in notifying consumers subjected consumers to substantial injury.
Under the settlement ASUS will establish a comprehensive security program, including "clearly and conspicuously" notifying consumers about software updates and allowing consumers to register for direct security notices regarding its routers.
The FTC has taken substantial steps over the last year to ramp up security initiatives for businesses with products or services that can have an impact on consumer privacy - including its "Start With Security" business education conference series. The ASUS settlement will certainly be added to the list of cases that can guide companies that handle or secure sensitive customer data.
If you have any questions about the ASUS matter or other privacy and data security law issues, please contact S. Gregory Boyd at (212) 826 5581 or email@example.com, Phillip E. Jackman at (212) 705 4824 or firstname.lastname@example.org, or any other member of the Frankfurt Kurnit Privacy and Data Security Group.
Other Privacy & Data Security Law Alerts
A Big Phone Bill: Dish Network Telemarketing Violation Verdicts Total Approximately $341 Million
In a cautionary tale for marketers, two courts recently found satellite TV provider Dish Network ("Dish") liable for repeated and willful violations of federal and state telemarketing laws.
June 23 2017
Start Your Engines: We Have to Deal With GDPR, What Now?
Back in January, we posted about the circumstances in which your company, even if based in the US, must comply with the EU General Data Protection Regulation (GDPR), taking effect in May 2018. Here we will provide a high level checklist to help you start down the path of GDPR readiness.
April 13 2017
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017