Earlier this month, the Federal Trade Commission (“FTC”) reached a settlement with Zoom Video Communications, Inc. (“Zoom”) regarding alleged misrepresentations related to its security program. The FTC alleged that Zoom misled users by “touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security.
As part of the settlement, Zoom must (1) ensure that its representations to consumers regarding its privacy and security practices are accurate, and (2) update its security practices with a comprehensive new program that includes vulnerability management, annual documentation of risks and new security safeguards such as multi-factor authentication.
The FTC’s regulatory action against Zoom highlights the need for all businesses to ensure that representations regarding privacy and security practices are accurate and implement enterprise-wide cybersecurity protocols that take the specific risks faced by an organization into account.