United States of America: Order adopted by FTC against Chegg for data breaches

On 31 October 2022, the Federal Trade Commission (FTC) announced it had taken action against Edtech provider Chegg. Chegg did not implement basic required security standards, did not store sensitive health and personal data correctly, and failed to adequately train their staff. This resulted in multiple data breaches that exposed the personal information of 40 million users. The order was approved by the FTC and requires Chegg to follow stricter cybersecurity guidelines. The type of data that is collected, how it is stored and processed needs to be defined and clearly communicated. Users should be able to access and delete their data. Employees should be required to use multi-factor authentication methods for logins. Finally, a detailed overarching security framework needs to be created and implemented by Chegg.