FTC, Twitter Settle Data Security, Privacy Charges



Continuing in the privacy vein, Twitter has settled with the Federal Trade Commission regarding privacy charges brought after hackers accessed the San Francisco microblogging service and were able to send phony tweets as well as view tweets that users had marked as private.


The FTC claimed that Twitter was responsible for the privacy violations because it had not taken "reasonable steps" to ensure that the system remained secure and that there was no unauthorized access. According to Bloomberg, the FTC's David Vladeck said:

When a company promises consumers that their personal information is secure, it must live up to that promise. Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.


Twitter representatives indicated Thursday they had implemented many of the regulator's suggestions before they met with the FTC to discuss settlement. According to the company blog:

[T]he agreement formalizes [Twitter's] commitment to those security practices.


The FTC statement on the agreement set out the suggestions, which included the following:

  • Prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts.
  • Suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts.
  • Providing an administrative login webpage that is made known only to those authorized and is separate from the login page for users.


The settlement agreement, which is the FTC's first with a social-networking service concerning data security/privacy lapses, is subject to public comment for 30 days.