Twitter has settled a Federal Trade Commission investigation, which started after a hacker gained access to a number of Twitter accounts (including President Barack Obama’s) and sent out fake tweets from those addresses. Under the terms of the settlement, Twitter “will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information.” We don’t know what happens in year 21.
In a statement, FTC consumer protection chief David Vladek said:
When a company promises consumers that their personal information is secure, it must live up to that promise. Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations. Consumers who use social networking sites may choose to share some information with others, but they still have a right to expect that their personal information will be kept private and secure.
Twitter also agreed to have its security systems and policies reviewed by an independent auditor every other year for 10 years. Twitter’s lawyer says the company’s security already meets the government’s requirements: “Even before the agreement, we’d implemented many of the FTC’s suggestions and the agreement formalizes our commitment to those security practices,” Alexander Macgillivray wrote on the company blog.
Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information; Company Will Establish Independently Audited Information Security Program [Official Release]
FTC Announcement [Twitter Blog]