On February 5, 2009, the FTC announced yet another settlement with a company over its alleged lax data security business practices (in connection with the hacking of its website). Specifically, the FTC announced that it settled charges with Genica Corp. and Compgeeks.com over charges that the companies violated Section 5 of the FTC Act by failing to provide reasonable security to protect sensitive customer data. The case serves as a reminder to businesses that information security, and making sure a company’s conduct is consistent with its privacy policy, remain key priorities for regulators.

This Client Advisory, prepared by Kelley Drye’s Privacy and Information Security practice group, provides a detailed summary of the case.