Proactively Managing Privacy and Security Risks
On January 25, 2023, the Federal Trade Commission (FTC) issued a decision and order against an online learning platform, Chegg, Inc., for collecting and selling its students' personal information. Chegg failed to provide reasonable security to prevent unauthorized access to students’ sensitive data leading to multiple data breaches. The decision requires Chegg to obtain affirmative express consent before collecting, using, or disclosing students' personal information for non-educational purposes. Chegg is also required to implement privacy and data security programs and undergo regular audits. The decision imposes penalties and remedies to address the harm caused to consumers and ensure compliance with FTC regulations.
As a leader in the data security and privacy law fields, Kirton McConkie understands the importance of proactively managing privacy and security risks. With recent enforcement actions from the FTC against companies like Chegg, it's clear that the agency is taking data security seriously. The Chegg case is a prime example of the consequences of failing to properly secure personal information and the need for organizations to take a comprehensive approach to risk management that addresses both cybersecurity and privacy risks.
The rapidly progressing technological landscape, including cloud computing, IoT devices, and artificial intelligence, introduces new and constantly evolving threats to data security and personal privacy. A minimum legal compliance approach is no longer enough to keep pace with these threats. Organizations must understand and manage both privacy and cybersecurity risks to ensure they are protected against data breaches and noncompliance with laws and regulations.[1]
At Kirton McConkie, we understand that risk management is more than just meeting legal requirements. Our deep experience in data security and privacy laws and regulations, combined with our expertise in the risk management process, allows us to help organizations anticipate and respond to emerging threats and minimize the impact of data breaches. Our proactive approach to identifying, assessing, and mitigating potential risks and vulnerabilities will give you peace of mind and help ensure the protection of your personal information. Trust Kirton McConkie to guide you through the ever-changing landscape of data security and privacy laws and regulations.
[1] An IBM report found the average cost of data breaches for U.S. companies was $9.44 million, a 4.3% increase over the last year, and approximately $5 million over the global average of $4.35 million.
