United States of America: Issued ruling in FTC investigation into Drizly's compliance with cybersecurity requirements

On 10 January 2023, the US Federal Trade Commission (FTC) announced that it had issued a finalised order against the alcohol delivery service provider Drizly and its CEO. In its final ruling, the FTC requires Drizly to delete any collected personal data that has no connection to the service the company provides. The ruling specifies that Drizly cannot collect any data that does not serve a specific purpose in providing services and follow its retention policy. Additionally, Drizly will be required to disclose on its website what type of data is collected and what purpose that data collection serves. Finally, Drizly has to implement a comprehensive security program to prevent cyber attacks.