The FTC settled with Zoom for deceiving users about its encryption security and unfairly installing software that bypassed browser safeguards. Zoom must implement a comprehensive security program, undergo biennial audits, and is banned from making false security claims. No monetary penalty was imposed.
Zoom must establish and implement a comprehensive information security program with annual risk assessments, vulnerability management, multi-factor authentication, and data deletion controls. It is prohibited from making misrepresentations about privacy and security. The company must undergo biennial third-party security audits and notify the FTC of any data breaches.
Entity
Zoom Video Communications, Inc.
Also known as: Zoom
Industry
TechnologyOfficial Press Release
https://www.ftc.gov/news-events/news/press-releases/2020/11/ftc-requires-zoom-enhance-its-security-practices-part-settlement
1923167zoomacco2
https://www.ftc.gov/system/files/documents/cases/1923167zoomacco2.pdf
1923167zoomcomplaint
https://www.ftc.gov/system/files/documents/cases/1923167zoomcomplaint.pdf
Federal Trade Commission Enforcement Page
https://www.ftc.gov/enforcement
The FTC finalized a settlement with Zoom Video Communications, Inc. for misleading consumers about its data security practices and compromising user security. The settlement requires Zoom to implement a comprehensive security program, review software updates for security flaws, and undergo biennial third-party assessments.
$18.0M
Consumer fraud enforcement action where the FTC settled with Air AI for misleading entrepreneurs with false earnings and refund guarantees. The company will be banned from marketing business opportunities and pay a suspended $18 million judgment with $50,000 for consumer relief. Violations included failure to provide required disclosures and false claims under the Telemarketing Sales Rule and Business Opportunity Rule.
$17.0M
Consumer fraud enforcement action where the FTC settled with Xponential Fitness for violating the Franchise Rule by misrepresenting key information to franchisees, including time to open and costs. The settlement includes a $17 million monetary judgment for redress and prohibits future misrepresentations.
Consumer fraud and advertising enforcement action where the FTC sent warning letters to 97 auto dealership groups for deceptive pricing practices, such as advertising prices that exclude mandatory fees, misleading consumers about total costs. The letters stress the need for truthful and transparent pricing in the automotive industry.
$100.0M
The FTC and 11 states settled with Walmart for $100 million over deceptive earnings claims in its Spark Driver gig worker app, where drivers were misled about base pay, tips, and incentives. The settlement also addressed GLBA violations for failing to provide proper notice regarding the handling of drivers' financial information. Walmart must implement an earnings verification program and is banned from misrepresenting driver earnings.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.