Menu

News

DOJ and FTC Secure $2.95 Million Settlement for Alleged CAN-SPAM Act Violations

  • The U.S. DOJ settled with Verkada Inc., a cloud-based building security company that sells security cameras and other physical security products, to resolve allegations that its data security and email practices violated the FTC Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act).
  • The complaint, filed by the DOJ upon notification and referral from the FTC, alleged that Verkada deceptively claimed compliance with personal information security requirements when, in reality, its practices failed to adequately safeguard personal information; its inadequate security measures allowed at least two security breaches, including one in which a hacker accessed internet-connected security cameras and viewed patients in psychiatric hospitals and women’s health clinics; flooded prospective customers with emails and failed to provide email opt-outs; and failed to disclose company insiders’ reviews of the company, among other allegations.
  • Under the terms of the settlement, Verkada must pay $2.95 million in civil penalties and establish and maintain a comprehensive information security program, among other relief.