Scott & Scott | Software Compliance Counsel
Scott & Scott Scott & Scott

« Scott & Scott, LLP Selected for On-line Copyright Registration System | Main | Responding to Autodesk Audits »

Mortgage Company Settles With FTC For FACTA Violations

The FTC recently announced its first settlement regarding FACTA document disposal rule, 16 C.F.R. 682, which requires any company collecting consumer information for a business purpose to dispose of that information in a way that prevents unauthorized access and misuse of the data.

American United Mortgage Company agreed to pay a $50,000 penalty in response to the FTC’s accusations that it failed to do the following:

  1. Implement reasonable policies and procedures requiring the proper disposal of consumers’ personal information, including consumer reports;
  2. Take reasonable actions in disposing of such information;
  3. Identify reasonably foreseeable internal and external risks to consumer information;
  4. Develop, implement, or maintain a comprehensive written information security program; and
  5. Provide its customers a privacy notice describing its information collection and sharing practices with respect to affiliated and non-affiliated third parties, as required by the FTC’s Privacy Rule.

The complaint alleged that American United collected personal information about consumers, including Social Security numbers, bank and credit card account numbers, income and credit histories, and consumer reports and that American United failed to dispose of the personal information in accordance with the FACTA provisions regulating document disposal. American United documents containing consumers’ personal information were found in and around a dumpster near its office that was unsecured and easily accessible to the public. Many such documents, some in open trash bags, were found in February 2006.

In addition to the $50,000 payment, the settlement requires American United to obtain an independent, third-party audit to ensure that its security program meets the standards of the order. The audit must be completed every two years for the next 10 years. The settlement also enjoins American United from any further FACTA violations.

If your business collects sensitive consumer information, you should seek counsel for advice regarding FACTA and its state counterparts. FACTA violations could lead to unnecessary expense of time and resources. Properly preparing your business could help prevent subsequent losses.

View the FTC Press Release here.

View the complaint here.

View the FACTA Disposal rule here.

Posted on January 11, 2008 4:02 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on January 11, 2008 4:02 PM.

The previous post in this blog was Scott & Scott, LLP Selected for On-line Copyright Registration System.

The next post in this blog is Responding to Autodesk Audits.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.32