In Global Data Review, Kathleen A. McGee, former Bureau Chief of the New York Attorney General’s Bureau of Internet and Technology and author of New York State’s SHIELD Act on data security, discusses the settlement reached between the FTC and Drizly after the latter’s significant data breach. The settlement not only requires Drizly to destroy any unnecessary personal data and implement a mandated security program, but also requires the company’s CEO to implement an information security program at any future company where he is majority owner, chief executive, or senior officer, if the company collects information from more than 25,000 individuals. McGee calls the settlement “outstanding," but “unsurprising,” especially in light of the recent conviction of Uber's former chief executive for a similar data breach. (subscription required to access article)