On Friday, February 22, 2013, the FTC resolved an enforcement action that it brought against HTC America Inc. for allegedly failing to use "reasonable and appropriate" security measures in developing and customizing its devices. In its first case against a mobile device manufacturer, the FTC has instructed HTC America Inc. about how to develop and build its products. The settlement between the FTC and HTC serves as yet another example where, in the absence of federal or state legislation, the FTC has stepped in and created data security standards. Essentially, the FTC continues to informally create legislation through settlements of its enforcement actions.  A copy of the consent order settling this action is attached here: ftc.gov/os/caselist/1223049/130222htcorder.pdf