Antitrust Lawyer Blog Commentary on Current Developments

Guidance Software Inc. Settles FTC Charges

On November 16, Guidance Software Inc. agreed to settle Federal Trade Commission charges that its failure to take reasonable security measures to protect sensitive customer data contradicted security promises made on its Web site and violated federal law. According to the FTC, Guidance’s data-security failure allowed hackers to access sensitive credit card information for thousands of consumers. The settlement will require the company to implement a comprehensive information-security program and obtain audits by an independent third-party security professional every other year for 10 years.
Guidance sells software and related training, materials, and services customers use to investigate and respond to computer breaches and other security incidents. According to the FTC complaint, Guidance failed to implement simple, inexpensive and readily available security measures to protect consumers’ data. In contrast to claims about data security made on Guidance’s Web site, the company created unnecessary risks to credit card information by permanently storing it in clear readable text. In addition, the complaint alleges that Guidance failed to protect the information by: