On June 12, 2012, the Federal Trade Commission (FTC) announced a
settlement with Spokeo, Inc., a data broker that compiles and sells
detailed information profiles on consumers, in connection with
claims that Spokeo violated the Fair Credit Reporting Act (FCRA)
and the FTC's Endorsement Guidelines. Spokeo will pay
$800,000 in civil penalties and has entered into an order
prohibiting it from violating certain FCRA provisions and
misrepresenting the status of any user or endorser of its product
or service.
Notably, this is the FTC's first case to address the sale of
information collected through the internet from social media for
use in the employment screening context. Not only is the FTC
watching what social media companies are doing with users'
information, it is paying attention to how data brokers are using
information collected through social media sites. This case,
while about the FCRA and Endorsement Guidelines specifically,
echoes the enhanced scrutiny for data brokers (and large platform
providers and mobile app developers) evident in the FTC's March 2012 privacy report.
The FCRA was enacted to promote the accuracy, fairness and
privacy of information maintained by consumer reporting agencies
(sometimes incorrectly referred to as credit reporting
agencies). So-called "consumer reports" are broadly
defined in the FCRA as information "bearing on a
consumer's credit worthiness, credit standing, credit capacity,
character, general reputation, personal characteristics, or mode of
living which is used or expected to be used or collected in whole
or in part for the purpose of serving as a factor in establishing
the consumer's eligibility for (a) credit or insurance . . .;
(b) employment purposes; or (c) any other purpose authorized under
[15 U.S.C. § 1681b]." (Other purposes under §
604 of the FCRA, 15 U.S.C. § 1681b, include determining the
consumer's eligibility for a government license or other
benefit, determining capacity to make child support payments, or
some other "legitimate business need for the
information," among other similar uses.)
Spokeo collected information about individuals from online and
offline sources to create profiles that included contact
information, marital status and age range, and in some cases
included a person's hobbies, ethnicity, religion, participation
on social networking sites and photos that Spokeo attributed to a
particular individual. Spokeo marketed these profiles to
companies in the human resources, background screening and
recruiting industries as information to serve as a factor in
deciding whether to interview or hire a job candidate. As
such, Spokeo acted as a consumer reporting agency, and the FTC
alleged that Spokeo violated the FCRA by (a) failing to ensure the
consumer reports it sold were used for legally permissible
purposes, (b) failing to ensure that the information it sold was
accurate and (c) failing to inform users of Spokeo's consumer
reports of their obligations under the FCRA.
The complaint also alleges that Spokeo violated Section 5 of the
FTC Act, which prohibits "unfair or deceptive" trade
practices, by directing its employees to post deceptive
endorsements of its consumer reports as Spokeo customers (instead
of disclosing that the endorsements were posted by Spokeo's own
employees). The order requires that Spokeo remove (or request
removal of) deceptive endorsements of its products, whether on its
own website or third-party websites.
For additional information, the FTC's press release and
related documents can be found here.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.