The Federal Trade Commission (FTC) has brought two separate enforcement actions aimed at companies that improperly shared information over peer-to-peer (P2P) networks, putting, according to the FTC’s press release, the information of thousands of consumers at risk. In both cases, the respondents failed to secure their networks, which led to customers’ personal information being exposed. The FTC found in each case that these failures of security constituted unfair trade practices. Again, the FTC has provided business with clear roadmaps to what is, and what is not, acceptable information security.
EPN, Inc. is a debt collector based in Utah specializing in collecting hospital bills. According to the FTC’s complaint, EPN failed to implement many important business practices and failed to use reasonable methods to prevent, detect, and investigate unauthorized access to its networks. As a result, EPN’s chief operating officer was able to install P2P software, which caused a breach affecting approximately 3,800 hospital patients. The information accessed included each patient’s name, address, date of birth, Social Security number, employer name, employer address, health insurance number, and a diagnosis code. The FTC found these practices in violation of Section 5(a) of the FTC Act as an unfair act or practice.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.