Verkada, a manufacturer and retailer of security cameras, has settled FTC accusations of lax security measures. The company sells its products to businesses, including schools and medical facilities. It markets its products as “plug and play:” the cameras connect to the cloud and allow customers’ remote access into both live and archived video footage. Among other features, the cameras have a “people analytics” tool that lets users “search images through facial recognition or face-matching technology.” A review of the settlement raises many reminders for companies about (1) security claims in privacy policies and marketing, (2) remediation concerns following a breach, (3) adherence to the Privacy Shield, and (4) a reminder about related (and often overlooked) laws like CAN-SPAM.Continue Reading Camera Company Will Pay $2.95 Million to Settle Security Claims

Throughout 2020 we saw many enforcement actions brought by EU and U.S. regulators. Whether for allegations of deception (misleading privacy representations) or unfairness (failure to protect information), COVID did not appear to slow down regulatory action. Laws that many companies forget about -or don’t know as well- were enforced by regulators, as well as through class action lawsuits. This included the Children’s Online Privacy Protection Act, Illinois’s Biometric Information Privacy Act, and the Telephone Consumer Protection Act.
Continue Reading 2020 In Review: Ongoing Enforcement Actions and a Patchwork of Privacy Laws