“The FTC is steadily hacking the law to make itself the country’s de facto privacy regulator. In this case, it’s using its right to punish a company for being ‘unfair’ to consumers. But its power is limited: it can’t fine TRENDnet; it can only require it to notify customers, establish ‘a comprehensive security program’ — that includes pen testing its products — and agree to 20 years of privacy audits (just like Facebook and Google). If TRENDnet messes up again after this, the FTC can then fine it up to $16,000 per violation (a power it used to fine Google $22.5 million). There may well be more FTC orders to come.”
