MoviePass, a movie subscription service, has agreed to a proposed settlement with the FTC over alleged deception and lack of security allegations. The now-defunct company not only allegedly marketed its service as a “one movie per day” service – yet took steps to actively deny subscribers such access – it also failed, according to the FTC, to secure subscriber’s personal data. The company also was alleged to have violated the Restore Online Shoppers’ Confident Act, which impacts the offering of “negative option” (subscription) services.
Under the proposed order, with respect to the alleged security violations, MoviePass’s operators must implement a comprehensive information security program. The program must have a “qualified” employee who oversees it, it needs to be designed to address risks that face the company, must provide for employee training, and will be subject to FTC oversight and biennial third-party audits. The order also requires that senior executives annually certify the program, and that the company notify the FTC directly of any future data breaches. The settlement terms will be in effect for 20 years, and are with the company, its parent, as well as the two principal owners, who will be required to follow its terms for any business they control.