The Federal Trade Commission is taking its role as America’s privacy and data protection authority more seriously than ever.
Fresh on the heels of its new-era privacy manifesto, which lays out its evolving expectations around the intersection of privacy and business, the FTC secured a settlement with three credit report resellers that failed to protect consumers’ personal information when hackers gained access to more than 1,800 credit reports.
“The FTC will take action against companies that cross the line with consumer data and violate consumers’ privacy … I think you’ll see more privacy cases in the coming weeks and months,” said Jon Leibowitz, FTC chairman, when the privacy report was released.
The resellers bought credit reports from the three nationwide credit-reporting bureaus and combined them into reports for sale to mortgage brokers. The FTC said the resellers failed to:
• Develop and disseminate information security policies for their own institutions and their end user clients;
• Assess the risks of allowing end users with unverified or inadequate security to access consumer reports through their portals;
• Evaluate the security of end users’ computer networks, require appropriate information security measures, and train end user clients;
• Implement reasonable steps to maintain an effective system for monitoring end users’ access to consumer reports, including monitoring to detect anomalies and other suspicious activity; and
• Take appropriate action to correct existing vulnerabilities or threats to personal information in light of known risks.
These failures resulted in the exposure of consumer information to a number of groups and individuals without the authority to access it, including hackers.
What’s interesting about these complaints is their uniformity. In fact, they were nearly identical. From my perspective this shows a systemic problem within the industry, one that is general enough for a “form complaint” approach by the FTC.
What I find most interesting, though, is the fact that there isn’t much that’s interesting here. The nature of the complaints and issues in the cases doesn’t stand out; these are not “groundbreaking privacy enforcement cases.” They are common privacy-related complaints around improperly protecting access to consumer data.
Interestingly too, the punishment is also becoming the norm: 20 years of biannual third-party audits that check for proper processes and procedures to correct and improve the protection of sensitive data. This “life sentence” (as I refer to it) for privacy violations begins to drive home the seriousness of these issues in the eyes of the FTC.
If anything, the vanilla nature of these complaints clearly lays out that companies still aren’t doing enough to protect access to consumer information, and that there is no shortage of this type of lax behavior in any industry. The FTC will just keep chipping away at consumer-oriented privacy abuses, one case—or maybe three cases—at a time.