FTC effectively shuts down Utah company’s operations pending compliance with mandated data security plan

On November 12, 2019, the FTC announced that InfoTrax, a Utah technology company, agreed to implement an overhauled data security program as part of a 20-year consent agreement in the wake of a hack to the company’s network. InfoTrax is prohibited from collecting, selling, sharing, or storing personal information pending the overhaul of security operations—temporarily shutting down the company’s operations.

  • The settlement highlights that the FTC is continuing to take a strong stance on cybersecurity.
  • Companies that are not consumer-facing nonetheless have an obligation to maintain sound cybersecurity practices.
  • Furthering a regulatory trend, the settlement requires senior official accountability, and it emphasizes that companies remain responsible for personal information they pass to other companies.

Learn more.

Back to top