After a data breach at VTech revealed practices that allegedly violated the FTC Act and the Children’s Online Privacy Protection Act (COPPA), VTech settled for $650,000 and agreed to implement a comprehensive data security program subject to audit for the next 20 years.  VTech makes children’s electronic learning products.  The FTC complaint alleged that VTech’s privacy policy promised that it would encrypt most transmitted information but it did not.  Further, the FTC claimed that VTech failed to comply with COPPA rules regarding the protection of information of children under 13.  This settlement illustrates that the FTC is not letting businesses off the hook for lax information security programs and highlights the importance of accurate privacy policies.  Know what rules apply to your business and be sure that the promises you make to your customers with respect to privacy are accurate.  More information on the FTC settlement can be found here.