The FTC recently settled with a mortgage broker and issued a Proposed Order imposing a civil penalty of $120,000 after alleging the broker violated FCRA and other laws by revealing personal information about consumers who left negative reviews about the broker on Yelp.
The underlying Complaint alleged that the mortgage broker’s posting of negative financial information about consumers on Yelp, and failing to provide adequate privacy notices or give consideration to data security requirements, violated FCRA, the Privacy Rule, and the Safeguards Rule, as well as other applicable regulatory responsibilities found in the FTCA and the GLBA.
For a period of approximately one year, from 2015 to 2016, the broker allegedly published responses to negative customer reviews that included information about consumers’ credit histories, debt-to-income ratios, taxes, health, income, family relationships, and, in numerous instances, their first and last names. Some examples provided in the Complaint include instances in which the broker described multiple late payments on a borrower’s credit report, disclosed the number of mortgages co-signed by a borrower, and published statements about the health of a borrower’s family member.
Under the terms of the Order, the mortgage broker is prohibited from (i) misrepresenting privacy and data security practices, (ii) disclosing nonpublic personal information about a consumer unless it complies with disclosure requirements, and (iii) obtaining or using a consumer report for any non-permissible purpose, and may not fail to provide a privacy notice to each consumer with whom the defendants form a customer relationship, or about whom a disclosure of nonpublic personal information is made.