The U.S. Federal Trade Commission announced an enforcement action against online alcohol marketplace Drizly and its CEO James Cory Rellas related to data security issues that led to a 2020 data breach involving 2.5 million customers. The order calls on Drizly to destroy unnecessary data and requires implementation of data minimization and information security programs. Rellas will be bound to the enforcement action in any new position or venture beyond Drizly. FTC Bureau of Consumer Protection Director Samuel Levine said the order not only "restricts what the company can retain and collect going forward," it ensures the CEO "faces consequences for the company’s carelessness."
25 Oct. 2022
FTC issues order against Drizly, CEO over 2020 breach
Related stories
Notes from the IAPP Canada: Ontario IPC shares enforcement philosophy with law students
Notes from the IAPP Europe: Wrapping up November with the IAPP DPC
Ireland's DPC details legitimate interest prong of its LinkedIn enforcement action
What the new European Commission could mean for digital regulation
IAPP DPC 2024: Reynders discusses GDPR enforcement harmonization, adequacy developments