FTC Settles with Mortgage Analytics Company over Vendor Data Security

Weiner Brodsky Kider PC
Contact

Weiner Brodsky Kider PC

The FTC recently announced a proposed settlement with a mortgage analytics company over allegations that the company violated the Safeguards Rule when it failed to ensure that one of its vendors was adequately securing the personal data of mortgage holders.

According to the FTC’s complaint, the company hired a vendor to perform text recognition scanning on mortgage documents containing sensitive consumer data but failed to vet the vendor’s security measures before doing so.  The vendor later allegedly failed to safeguard this information while storing it in a cloud-based server, which was misconfigured, leaving the information exposed online to the public for an extended period of time.  During this period, the FTC alleges, the exposed consumer data was accessed by approximately 52 unauthorized IP addresses.

The FTC claims that the company failed to take reasonable steps to select vendors capable of appropriately safeguarding consumer data despite maintaining a vendor risk management policy containing due diligence procedures for vendor selection.  The FTC also alleges that the company failed to identify the security risks to consumer data and assess the sufficiency of any safeguards in place to control those risks, all in violation of the Safeguards Rule. 

Under the terms of the proposed settlement, the company will be required to maintain a comprehensive data security program and obtain data security assessments by a third party.  Additionally, the proposed settlement requires the company to maintain certain records and submit regular compliance reports to the FTC.  In agreeing to the proposed settlement, the company neither admits nor denies any of the allegations in the complaint, except for jurisdictional purposes.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC
Contact
more
less

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.