The Federal Trade Commission on Friday ordered Chegg, the homework help and textbook rental company, to step up its data security practices.
FTC commissioners voted 4-0 in favor of finalizing an order that outlines steps Chegg must take to improve its data security practices, including limiting the data the company collects and stores, introducing multifactor authentication options and allowing users to access their information and delete it. The order follows a complaint the FTC filed against Chegg last year for failing to adequately protect the personal information of its customers and employees following four data breaches affecting more than 40 million users.
Effective Jan. 27, Chegg has 90 days to develop a comprehensive information security plan, Nextgov‘s Alexandra Kelly reported.
“Chegg took shortcuts with millions of students’ sensitive information,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a press release. “Today’s order requires the company to strengthen security safeguards, offer consumers an easy way to delete their data, and limit information collection on the front end.”
In a statement first shared in October, a Chegg spokesperson said that data privacy is top of mind for the company.
“Chegg worked cooperatively with the Federal Trade Commission on these matters to find a mutually agreeable outcome and will comply fully with the mandates outlined in the Commission’s Administrative Order,” read the statement, which noted that the last data breach was more than two years ago and that no monetary fines had been imposed. “Chegg is wholly committed to safeguarding users’ data and has worked with reputable privacy organizations to improve our security measures and will continue our efforts.”
Chegg, once only a humble textbook rental service, is now a major public educational technology company that offers a wider range of subscription services, including online tutoring and homework help. The company is scheduled to report its Q4 2022 earnings Feb. 6.