United States of America: Closure of FTC Investigation into Verkada for alleged Violations of the CAN-SPAM Act

On 30 August 2024, the Federal Trade Commission (FTC) announced the settlement of its investigation into Verkada, a security camera firm, mandating the development of a comprehensive information security program and imposing USD 2'950'000 as settlement payment for violations of the CAN-SPAM Act. This action follows allegations of Verkada's failure to implement adequate information security practices, which permitted unauthorised access to security cameras. Additionally, Verkada was found to have inundated prospective customers with commercial emails, contravening the CAN-SPAM Act's requirements that commercial emails include features such as unsubscribe links, failing to honour opt-out requests, and not providing a valid physical postal address in the emails. The settlement, pending federal judge approval, also includes provisions for third-party audits of Verkada's information security program and prohibits any misrepresentations about its privacy and data security practices.