👇🏼 @FTC- @zoom_us settlement decree requires robust #InfoSec program https://twitter.com/ftc/status/1325825131458027520
For the non-practitioners, if you’re tempted to protest the lack of fines against @zoom_us, this is just how it works with @FTC enforcement actions. First, you get a consent decree with strict requirements. If you violate the terms, then the fines come into play.
And these consent decrees are no joke. This one, in particular, puts @zoom_us under the @FTC's close watch for the next 20 years. They're not cheap either.
Important takeaway for startups: make sure you understand & accurately describe your security measures--in @zoom_us' case, e2e encryption. Avoid throwing around the term as a blanket answer to your customers' security concerns. We & the @FTC can see through it.
This agreement is a goldmine for what companies should have in place in their #InfoSec programs. Cross-reference this with the FTC's other security enforcement actions (& the CA AG's recommended 20 CIS CSCs) for a decent framework. https://www.ftc.gov/datasecurity 
You can follow @LourdesTurrecha.