ch as those in Drizly’s privacy policy. The FTC’s treatment of these statements as false or misleading highlights that those individuals drafting privacy policies, ad copy, and other customer-facing materials need to be in communication with those responsible for a company’s data security practices to ensure that any statements about the company’s data security practices are accurate and defensible.

* * *

The FTC’s proceedings against Drizly show that the FTC is taking new approaches towards information security, including looking beyond the company itself to its executives, emphasizing data minimization, and policing statements regarding information security in addition to the sufficiency of the information security itself. Companies subject to the FTC Act should be aware of these developments so that they can respond as necessary to ensure compliance.

Draft Compl. ¶ 4, In re Drizly, LLC, FTC Dkt. No. 202-3185, https://www.ftc.gov/system/files/ftc_gov/pdf/202-3185-Drizly-Complaint.pdf.

87 Fed. Reg. 65767, 65769 (Nov. 1, 2022).

87 Fed. Reg. 65767, 65771 n.7 (Nov. 1, 2022).

Draft Compl. ¶¶ 13(a)-(f), In re Drizly, LLC, FTC Dkt. No. 202-3185, https://www.ftc.gov/system/files/ftc_gov/pdf/202-3185-Drizly-Complaint.pdf.

87 Fed. Reg. 65767, 65770 (Nov. 1, 2022).

Draft Compl. ¶ 16, In re Drizly, LLC, FTC Dkt. No. 202-3185, https://www.ftc.gov/system/files/ftc_gov/pdf/202-3185-Drizly-Complaint.pdf.