<div dir="ltr"><div>Good day all,</div><div><br></div><div>An example for our own Office of The Data Protection Commissioner (ODPC) of proactiveness or a heavy-handed/aggressive approach?</div><div><br></div><div>The FTC in their blog post threatened legal action and likened this to turning into a situation like the #Equifax breach, which resulted in the credit reference bureau paying out $700 million in fines.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><span><span>When vulnerabilities are discovered and exploited, it risks a
 loss or breach of personal information, financial loss, and other 
irreversible harms. The duty to take reasonable steps to mitigate known 
software vulnerabilities implicates laws including, among others, the 
Federal Trade Commission Act and the Gramm Leach Bliley Act. It is 
critical that companies and their vendors relying on Log4j act now, in 
order to reduce the likelihood of harm to consumers, and to avoid FTC 
legal action. According to the complaint in </span><a href="https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related" target="_blank"><span><span>Equifax</span></span></a><span>,
 a failure to patch a known vulnerability irreversibly exposed the 
personal information of 147 million consumers. Equifax agreed to pay 
$700 million to settle actions by the </span><a href="https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement" target="_blank"><span><span>Federal Trade Commission</span></span></a><span>, the </span><a href="https://www.consumerfinance.gov/equifax-settlement/" target="_blank"><span><span>Consumer Financial Protection Bureau</span></span></a><span>,
 and all fifty states. The FTC intends to use its full legal authority 
to pursue companies that fail to take reasonable steps to protect 
consumer data from exposure as a result of Log4j, or similar known 
vulnerabilities in the future.</span></span></div></blockquote><div><br></div><div><a href="https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability" target="_blank">https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability</a></div><div><br></div></div>