- The FTC reached a settlement with Canadian manufacturer of smart locks Tapplock, Inc. to resolve allegations that it used misleading marketing practices to sell its Internet-connected locks in violation of the FTC Act.
- The FTC’s complaint alleged that Tapplock promised its smart locks to be unbreakable and secure while, in reality, the company failed to test whether its claims were true, and that security researchers identified both physical and electronic vulnerabilities that allowed the locks to be unlocked. In addition, Tapplock allegedly claimed to take reasonable precautions to safeguard its customers’ personal information, but failed to follow industry best practices for data protection.
- Under the terms of the proposed consent order, among other things, Tapplock is required to create a Device Security and Information Security Program setting forth its policies and procedures in writing, and obtain periodic third-party assessments of its program. Tapplock is also prohibited from misrepresenting its privacy and security practices.