First published: 09th January 2018
Hong Kong toymaker VTech, which exposed the personal data of about 3 million children in the US in 2015, has reached a settlement with the US Federal Trade Commission (FTC) under which the toymaker pays US$650,000 and conducts biannual third-party security assessments.
In the deal, VTech does not admit to breaking the law but does agree to pay the FTC, have security assessments conducted by a CISSP, CISA, GIAC or other approved individual or entity for 20 years, and keep records and make compliance reports for 10 years. The law that VTech does not admit to having broken is the Children's Online Privacy Protection Act (COPPA), which came into effect on 21st April 2000 in the US. COPPA is intended to protect the safety and privacy of children online by prohibiting the unauthorized or unnecessary collection of children’s personal information online by operators of Internet Web sites and online services.
Yui Kee Chief Consultant Allan Dyer commented, "Although this settlement seems inadequate considering the scale of the negligence and too small to provide a credible economic incentive to companies to give personal data protection the attention it requires, it is still an improvement over the lack of action by the Hong Kong Privacy Commissioner in VTech's home jurisdiction. Will the Hong Kong Government give the Privacy Commissioner some real teeth?"