Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
March 7th, 2016
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk. In addition to flagging software security issues, the FTC argued that ASUS (1) falsely advertised its routers would "protect computers from any unauthorized access, hacking, and virus attacks"; (2) ignored warnings from security researchers that the product was not living up to its claims; and (3) failed to promptly notify customers that the product's security features were defective.
Background
In August of 2012, ASUS introduced and began marketing a feature known as AiCloud on its routers. ASUS marketed AiCloud as a "private personal cloud for selective file sharing ... [with] the most complete, accessible and secure cloud platform." But the AiCloud applications had vulnerabilities that allowed attackers to gain unauthorized access to consumers' files and router login credentials. After security professionals and hacking victims notified ASUS about the vulnerabilities ASUS delayed rolling out a security patch, leaving consumers at risk. The FTC argued that ASUS's failure to remedy the security risks and delay in notifying consumers subjected consumers to substantial injury.
Result
Under the settlement ASUS will establish a comprehensive security program, including "clearly and conspicuously" notifying consumers about software updates and allowing consumers to register for direct security notices regarding its routers.
Take-away
The FTC has taken substantial steps over the last year to ramp up security initiatives for businesses with products or services that can have an impact on consumer privacy - including its "Start With Security" business education conference series. The ASUS settlement will certainly be added to the list of cases that can guide companies that handle or secure sensitive customer data.
If you have any questions about the ASUS matter or other privacy and data security law issues, please contact S. Gregory Boyd at (212) 826 5581 or gboyd@fkks.com, or any other member of the Frankfurt Kurnit Privacy and Data Security Group.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023