FTC’s Enforcement Action Against LifeLock

According to its website, the Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. LifeLock has used the massive security breaches of companies like Anthem and Target to increase its membership. On July 21, 2015, the Federal Trade Commission (FTC) claimed that LifeLock—an identity theft protection company—has violated a 2010 Settlement it had made with the agency and thirty-five state attorneys general. This assertion was made due to LifeLock’s alleged misrepresentation of its security capabilities and failing to take steps to protect consumers’ information.

What is the Federal Trade Commission’s responsibility?

The FTC was created to prevent anti-competition business practices and protect consumers against deceptive or unfair business dealings. The Federal Trade Commission Act (which incorporates the U.S. Safe Web Act amendments of 2006) sets the parameters for how the agency can prosecute companies, which it believes are misleading consumers through false or deceptive advertising.  In fact, sections 45 and 52 of the statute indicate that, when a company commits an unfair act or deceptive practice, “and if it shall appear to the Commission that a proceeding … would be to the interest of the public, it shall issue and serve … a complaint stating its charges …”   In addition, section 52 addresses the illegality of false advertisements, which would be likely to induce consumers to purchase a product.  Although, LifeLock was not advertising a product, it was falsely advertising services, so consumers were induced to buying memberships.  Therefore, the FTC is utilizing its ability to prosecute companies for violating the law.

Why is the case being prosecuted and how can it proceed?

LifeLock claims that it could prevent its members from being the victims of identity theft if they paid its monthly membership fee. The FCT had a settlement in 2010 requiring LifeLock to cease its deceptive claims that the data it retained was encrypted, that information was only shared on a “need to know basis,” that members would immediately be notified of any identity breach, and that LifeLock uses all means possible to keep the personal information of it members secure. The FTC was able to prove that LifeLock’s claims were misleading compared to its actual capabilities and they settled for $12 million. Nonetheless, this recent claim indicates that LifeLock has not maintained its part of the settlement by failing to protect its users’ information, not keeping the records it was required to keep, and making deceitful claims towards consumers.

It seems that the FTC will continue to prosecute LifeLock. A class action lawsuit has been filed, but a class status has not yet been granted by the court. The difficulty with class action lawsuits for identity theft is proving actual damages, since identity theft could be used to make purchases, disseminate viruses, or send spam emails. As class action lawsuits continue after the FTC prosecution of companies that do not protect their members’ data increase, this question should be answered.

At our law firm, we assist clients with legal issues related to online privacy and cybersecurity. You may contact us to set up an initial consultation.