Showing posts with label FAIR CREDIT REPORTING ACT. Show all posts
Showing posts with label FAIR CREDIT REPORTING ACT. Show all posts

Tuesday, February 4, 2014

FTC TESTIFIES ON DATA SECURITY

FROM:  FEDERAL TRADE COMMISSION 
FTC Testifies on Data Security before Senate Banking Subcommittee

In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.

Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.

“Data security is of critical importance to consumers.  If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.

The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data.  These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.

Since 2001, FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states.  Last week, the agency announced it had reached a milestone with its 50th data security settlement.  GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it that had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.

“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.

The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles.  These include:  knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.

The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en LĂ­nea.  For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.

The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses –especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.

Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security.  The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.

“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.

The Commission vote approving the testimony and its inclusion in the formal record was 4-0.

Friday, August 16, 2013

CHECK SERVICES COMPANY WILL PAY $3.5 MILLION SO SETTLE ALLEGED FCRA VIOLATIONS

FROM:  U.S. FEDERAL TRADE COMMISSION
Certegy Check Services to Pay $3.5 Million for Alleged Violations of the Fair Credit Reporting Act and Furnisher Rule

Penalty is Second-largest in a Fair Credit Reporting Act Matter
Certegy Check Services, Inc., one of the nation’s largest check authorization service companies, has agreed to pay $3.5 million to settle Federal Trade Commission charges that it violated the Fair Credit Reporting Act (FCRA).

Certegy, based in St. Petersburg, Florida, is a consumer reporting agency (CRA) that compiles consumers’ personal information and uses it to help retail merchants throughout the United States determine whether to accept consumers’ checks.  Under the FCRA, consumers whose checks are denied based on information Certegy provides the merchant, have the right to dispute that information and have Certegy correct any inaccuracies.

The FTC’s complaint alleges, among other things, that Certegy did not follow proper dispute procedures.  The complaint further alleges that Certegy failed to follow reasonable procedures to assure maximum possible accuracy of the information it provided to its merchant clients, as required by the FCRA.

Among other things, the settlement requires Certegy to make improvements in these areas.  This case is part of a broader initiative to target the practices of data brokers, which often compile, maintain, and sell sensitive consumer information.  Consumer reporting agencies like Certegy are data brokers that sell information to companies making important decisions about consumers, such as their ability to get credit or pay for goods and services by check.

“Inaccurate information in a consumer reporting agency’s file can have a huge impact on a person’s everyday life, starting with their check being denied at the grocery store,” said Jessica L. Rich, Director of FTC’s Bureau of Consumer Protection.  “In this case, we alleged that Certegy delivered a one-two punch:  the company not only failed to assure that the information it provided to retailers was accurate, but it also failed to follow proper dispute procedures.  Today’s settlement will benefit consumers who use checks to pay for essential goods and services, including many older consumers and people without alternate means of payment, such as credit cards.”

In addition to the allegations described above, the complaint alleges that Certegy violated the FCRA by failing to create a streamlined process for consumers to obtain free annual reports that they are entitled to; and establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information it furnishes to other CRAs.  This is the first Commission action alleging violations of the Furnisher Rule, which went into effect on July 1, 2010.  The settlement requires Certegy to comply with the Furnisher Rule, as well as the requirement to maintain a streamlined process so that consumers can request their free annual reports.

Friday, October 12, 2012

U.S. JUSTICE DEPARTMENT ALLEGES RESALE OF CREDIT REPORT DATA

FROM: U.S. DEPARTMENT OF JUSTICE,

Thursday, October 11, 2012
Justice Department Files Lawsuit Against Three Related Companies for Violating Fair Credit Reporting Act

The United States has filed a complaint against three related companies that bought and sold consumer credit reports, the Justice Department announced today. The government’s complaint charges these companies with violating the Fair Credit Reporting Act (FCRA). The companies have agreed to pay a $1.2 million civil penalty to resolve these charges.

In a complaint filed Oct. 9, 2012, the United States alleged that Direct Lending Source Inc., and Bailey & Associates Advertising Inc., both Florida corporations, Virtual Lending Source LLC, based in San Diego, Calif., and the principals of all of these entities, Robert M. Bailey, Jr. and Linda Giordiano , violated the FCRA by failing to comply with provisions forbidding the sale of credit reports without a "permissible purpose." The complaint alleges that the defendants purchased thousands of "pre-screened" consumer lists, or collections of credit report data. The only permissible purpose under the Act for using such prescreened lists is to make "firm offers of credit or insurance" to consumers. However, the complaint alleges that the defendants re-sold the lists to dealers who marketed loan modification, debt relief and credit repair services rather than making firm offers of credit. According to the complaint, some of the dealers who purchased the defendants’ credit report data have become the subject of law enforcement actions or warnings involving fraud committed against consumers in financial trouble.

The complaint also alleges that the defendants did not take reasonable steps to identify the ultimate purchasers of the credit reports. In some cases, according to the complaint, the defendants sold lists to brokers who then re-sold them to unidentified entities.

"The sensitive financial information in credit reports must be protected from those who would use it to target vulnerable consumers for sham offers," said Stuart Delery, Acting Assistant Attorney General for the Civil Division. "We will work with the Federal Trade Commission to aggressively enforce the laws that safeguard these reports."

Along with the $1.2 million civil penalty, the defendants agreed to injunctions against future FCRA and FTC violations in a proposed consent decree that must be approved by the court. The proposed order would prohibit the defendants from using, obtaining or reselling consumer reports for unauthorized purposes. The proposed order also would prohibit the defendants from selling consumer reports in connection with solicitations for debt relief and mortgage relief services that charge advance fees.

The Federal Trade Commission (FTC), which oversees the FCRA, referred the case to the Department. The lawsuit, United States v. Direct Lending Source et al., was filed in the Southern District of California.

Acting Assistant Attorney General Delery thanked the FTC for referring this matter to the Department. The Consumer Protection Branch of the Justice Department’s Civil Division brought the case on behalf of the United States.

Search This Blog

Translate

White House.gov Press Office Feed