The Federal Trade Commission said today it has finalized a proposed settlement it announced last June with Twitter, which resolved charges that Twitter deceived users and put their privacy at risk by not protecting their personal information.
The FTC alleged that lapses in the company’s data security allowed hackers to obtain administrative control of Twitter, including both access to non-public user information and tweets that users had set as private, and the ability to send out phony tweets from any account.
The privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.” In addition, Twitter offered its users privacy settings that enabled them to designate their tweets as private.
The FTC’s complaint alleged that between January and May of 2009, hackers were able to gain administrative control of Twitter on two occasions.
Under the terms of the settlement, Twitter will be barred for 20 years from misleading users about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.
The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.