In 2010, the Federal Trade Commission settled its complaint with LifeLock over alleged deceptive claims and practices made with regards to LifeLock’s Identity Theft Protection and Data Security Claims. Now, the FTC is charging that LifeLock failed to live up to the terms of the agreement.
“It is essential that companies live up to their obligations under orders obtained by the FTC,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “If a company continues with practices that violate orders and harm consumers, we will act.”
The FTC complaint can be found here. Notably, the FTC claims that LifeLock has violated the settlement agreement by
1) failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal Case 2:10-cv-00530-MHM Document 20 Filed 07/21/15 Page 1 of 4 data, including credit card, social security, and bank account numbers;
2) falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions;
3) failing to meet the 2010 order’s recordkeeping requirements; and
4) from at least January 2012 through December 2014, falsely claiming it protected consumers’ identity 24/7/365 by providing alerts “as soon as” it received any indication there was a problem
While data breaches have become a near every day occurrence now, and courts wondering if there is really any harm to those who suffer a privacy intrusion, this is especially troubling. Consumers need to be able to rely on identity theft protection software, or at least be permitted to believe the claims that are made. While LifeLock denies the charges, the FTC seems intent to prove that LifeLock doesn’t live up to its promises.