A Duty to Patch? Consumer Protection Law Used to Impose Duty to Secure Software and Mobile Devices

In the first enforcement action by the Federal Trade Commission (FTC) against a mobile device manufacturer, the FTC recently announced that HTC America Inc. (HTC) settled charges that the company had engaged in unfair practices and had falsely or misleadingly represented whether third-party and HTC applications could access users' personal information. This case is the latest in a series of data privacy and security enforcement actions by the FTC and a significant development for companies that manufacture software or incorporate it into the products and systems that they sell to the consumer market.