A Duty to Patch? FTC Settles First Case Against a Mobile Device Manufacturer, Describes Company’s Obligation to Implement Software Security
25 February 2013HL Chronicle of Data Protection
In the first enforcement action by the FTC against a mobile device manufacturer, the FTC on February 22 announced that HTC America (HTC) had settled charges alleging that the company had engaged in unfair practices and falsely or misleadingly represented whether third-party and HTC applications could access users’ personal information. In settling the FTC’s charges, HTC has agreed to address security vulnerabilities on its devices, implement a comprehensive security program, and undergo biannual security assessments over the next twenty years. On the same day that it announced the HTC settlement, the FTC also announced that it will hold a public forum on June 4 to discuss threats to mobile devices.