Although many data privacy enforcement actions have been launched against larger tech companies, the Federal Trade Commission recently took action against Drizly and its CEO for a data breach in 2018 (pre-Uber acquisition). Drizly is an online platform for ordering alcohol delivery.
In its complaint, the FTC cited Drizly and its CEO's failure to implement basic security measures – including proper storage and monitoring for threats. Drizly, its CEO, and the FTC agreed to a consent order requiring Drizly to destroy unnecessary data, limit its future collection, and create a data security program.
The important takeaways here are:
- The FTC may start enforcing against startups and other small companies;
- The corporate veil may not always shield CEOs and other officers from the FTC's (or any other regulator's) wrath; and
- The privacy and security work that a company does early, while it may take a few dollars from marketing in the near term, will pay incredible dividends later on by avoiding litigation with the FTC, or lawsuits from private citizens if there is a data breach – the cost of which is higher than ever before.