This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

FTC Penalizes CEO for Company Data Breach

After repeated data breaches that exposed consumer information, the CEO of Drizly is being held personally accountable for the latest incident. The delivery company Drizly has settled an investigation by the FTC (there is a public comment period before the settlement is final) in which the parties agree that the company's CEO must implement a detailed information security plan if he assumes a c-suite position at another company.  

The unusual -- and aggressive -- tactic of holding the CEO to account comes after the company suffered multiple breaches, allegations that it failed to upgrade security appropriately after the initial breach, and charges that it misrepresented the state of its security measures.  

Why It Matters

The CEO will not be fined as part of this settlement, but if it is ultimately accepted as final it would be a startling precedent: that the c-suite can face personal liability for failing to secure consumer data. The facts of this case are very unfavorable to the company and the CEO, since they appear to verge on fraud regarding security, but it is nonetheless an important signal that consumer data protection is taking on a much more important role in regulators' minds. That means it should also take on more importance to business owners and executives -- and that public disclosures about security should be accurate and truthful.  

The agency's four commissioners have voted unanimously in favor of requiring Drizly CEO James Cory Rellas to roll out a detailed information security program if he serves as a high-level executive at another business that collects more than 25,000 consumers' data, the FTC said in a statement. If the proposed order is finalized, it would mark a rare case in which the terms of an FTC settlement follow a company CEO even if they take another job.


data security and privacy, hill_mitzi, insights