The Federal Trade Commission has finalized a settlement with Twitter to resolve charges that the social networking site deceived consumers and put their privacy at risk by failing to safeguard their personal information.

The FTC alleged that serious lapses in the company?s data security let hackers get unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers designated as private. Hackers were also allegedly able to send out phony tweets from any account.

?The FTC?s Twitter settlement on data security highlights the need for businesses to ensure that they have implemented policies and procedures that safeguards users? personal information in a manner that is consistent with the stated privacy policy,? said Andrew Lustigman, principal attorney and owner of The Lustigman Firm P.C., New York.

?These safeguards should be closely reviewed and vetted to ensure that they accurately reflect the business? policies and that there are no lapses or flaws,? he said. ?This should involve proactively testing data security particularly after the business becomes aware of a data lapse.?

The Federal Trade Commission claims to work for consumers to prevent fraudulent, deceptive and unfair business practices and to provide information to help spot, stop and avoid them.

The FTC enters complaints into Consumer Sentinel, an online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.

Privacy concerns
The FTC?s complaint alleged that between January and May of 2009, hackers were able to gain administrative control of Twitter on two occasions.

Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.

The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.

The FTC vote to accept the settlement as final was 5-0.

Ironically, the commission?s press release urged readers to ??Like? the FTC on Facebook and ?follow? us on Twitter.?

The FTC stressed the fact that a consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated.

When the commission issues a consent order on a final basis, it carries the force of law with respect to future actions.

Each violation of such an order may result in a civil penalty of up to $16,000.

Twitter offered its users privacy settings that enabled them to designate their tweets as private.

The privacy policy posted on Twitter?s Web site stated the following:

?Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.?

Final Take
Sree Sreenivasan