FTC Seeks Consumer Redress from LifeLock

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

July 21 — The Federal Trade Commission July 21 said that identity theft protection company LifeLock Inc. has violated a 2010 settlement with the FTC and 35 state attorneys general by making deceptive claims about its services and failing to properly protect users' data.

The 2010 settlement prohibited the company from making deceptive claims, misrepresenting its ID theft protection services, misrepresenting the risk of ID theft or misrepresenting the manner and extent to which it protects consumers' personal information. The settlement also required LifeLock to pay a $12 million fine.

The FTC July 21 filed a sealed motion for contempt in the U.S. District Court for the District of Arizona. The commission said in a July 21 statement that it is seeking full redress to all consumers affected by the alleged misconduct.

Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in the statement that “it is essential that companies live up to their obligations under orders obtained by the FTC.”

LifeLock issued a statement July 21 taking issue with the FTC's action. “We disagree with the substance of the FTC’s contentions and are prepared to take our case to court,” the company said.

Alleged Violations 

The commission said in its latest statement that, from at least October 2012 through March 2014, LifeLock violated the terms of the settlement by:

• failing to establish and maintain a comprehensive information security program to protect its users’ sensitive personal data, including credit card, Social Security and bank account numbers;

• falsely advertising that it protects consumers’ sensitive data with the same high-level safeguards as financial institutions; and

• failing to meet the 2010 order’s record-keeping requirements.


Additionally, the FTC estimated that, from at least January 2012 through December 2014, “LifeLock falsely claimed it protected consumers’ identity 24/7/365 by providing alerts ‘as soon as' it received any indication there was a problem.”

The agency's allegations were filed under seal so aren't available for public viewing. The court will determine which portions of the case will be unsealed.

LifeLock Responds 

“After more than 18 months of cooperation and dialogue with the FTC, it became clear to us that we could not come to a satisfactory resolution of their issues outside a court of law,” LifeLock said in its statement.

“Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member’s data being taken,” LifeLock said. “As required by the FTC's consent order in 2010, LifeLock hired highly-credentialed, independent professionals to assess its information security. We are committed to maintaining high standards and to continual improvement, and we have spent thousands of hours and millions of dollars to achieve those standards in full compliance with the order. Every audit completed by those third parties affirmed that we were in compliance.”

FTC Commissioner Maureen K. Ohlhausen voting against the filing of the application for a show cause order.

The FTC represented the commission. Kirkland & Ellis LLP is representing LifeLock.

Request Bloomberg Law: Privacy & Data Security