According to the FTC’s proposed orders, Drizly will be required to erase any personal data it previously obtained that is no longer required to offer its services. It will also be required to stop collecting unneeded data in the future and to openly disclose the information it needs from users on its website. It will also need to put in place a thorough security policy and hire an executive to manage its operations.
Due to his participation in presiding over Drizly’s inadequate security standards, the commission has also imposed directives that individually apply to Rellas. Even if Rellas chooses to quit the alcohol delivery business, he will still be obligated to develop an information security program at any future company where he serves as CEO, majority owner, or senior executive engaged in security. According to The Washington Post, the FTC has seldom targeted leaders in such security breach instances in the past, indicating a new strategy to dealing with corporations with poor security procedures.
