Credit Report Resellers Settle FTC Charges Over Poor Security

more+
less-

The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers to obtain more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and the Gramm Leach Bliley Safeguards Rule by failing to take appropriate precautions to protect credit reports and the personal information such reports contain. According to the FTC, the resellers’ information security deficiencies included (1) not having comprehensive information security policies or procedures in place; (2) releasing consumer reports to clients who lacked basic security measures, such as firewalls and updated antivirus software; (3) failing to protect their own internet portals and thereby furnishing credit reports to hackers who lacked a permissible purpose for having them; and (4) not making reasonable efforts to protect against future breaches even after becoming aware of the hackers’ illegitimate activities.

The FTC’s proposed consent order prohibits further violations of the Safeguards Rule and also requires the resellers to do the following:

  • implement comprehensive information security programs designed to protect the security, confidentiality,and integrity of consumers’ personal information, including information accessible to clients;
  • obtain independent audits of their security programs, every other year for 20 years;
  •  furnish credit reports only to those with a permissible purpose; and
  • maintain reasonable procedures to limit the furnishing of credit reports to those with a permissible  purpose

FTC Commissioner Julie Brill used the settlement as an opportunity to emphasize the gravity of the resellers’ offenses and the FTC’s commitment to protecting consumers and their personal information. In connection with the settlement, Commissioner Brill announced that “in the future we will call for imposition of civil penalties against resellers of consumer reports who do not take adequate measures to fulfill their obligations to protect information contained in consumer reports, as required by the Fair Credit Reporting Act.”


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Written by:

more+
less-

Proskauer - Privacy & Data Security on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×