We often counsel our clients not to make absolute promises about security or data protection. Just like there is no ocean-front property in Arizona, there is no such thing as perfect security or safety.
LifeLock, Inc. just learned this lesson the hard way when they promised consumers protection from all forms of identity theft. The Federal Trade Commission and 35 state attorneys cried foul saying LifeLock's services fell far short of what was promised offering protection only from some forms of identity theft . Lifelock agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges of deceptive advertising.
“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.
Action Items to Consider
- Review your marketing materials and privacy policies for promises your company makes about privacy and security.
- Avoid using any absolute statements like "100% Secure" or "We guarantee your privacy."
- If you feel you need to make carefully-worded promises about privacy and security, make sure you can back it up with good privacy and security programs and practices and understand the risks if you fail to live up to your promises. www.ftc.gov/lifelock.
If you would like assistance in reviewing your organization's privacy or data security promises, please contact Susan Lyon at firstname.lastname@example.org
or (206) 359-8002.