Conclusion: Among others, the «lessons» that can be gleaned from the VTech and VTech USA cases include: (i) IoT / connected toys and devices remain very vulnerable in the face
of haphazard / sloppy security practices; (ii)
inadequate security safeguards will no longer be tolerated by regulators, particularly when children's information or other sensitive information is involved; (iii) robust and adequate security safeguards involve multi-level tiers
of protection per the above; (iv) vendors should never misrepresent the state
of their security practices in their privacy policies; and (iv) in a connected world, regulators are willing to work together and
share data and
resources to combat «deceptive and unfair practices that cross national borders» (in the words
of the FTC).