The Federal Trade Commission has voted to finalize a settlement with Twitter, resolving charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information. The settlement was tentatively reached in June 2010.
The FTC alleged that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account.
In addition, Twitter offered its users privacy settings that enabled them to designate their tweets as private.
The FTC’s complaint alleged that between January and May of 2009, hackers were able to gain administrative control of Twitter on two occasions.
Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.
The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.