May 28, 2022

Volume XII, Number 148

Advertisement
Advertisement

May 27, 2022

Subscribe to Latest Legal News and Analysis

May 26, 2022

Subscribe to Latest Legal News and Analysis

May 25, 2022

Subscribe to Latest Legal News and Analysis

Consumer Loan Data Seller Receives $1.5 Million FTC Penalty, With Accompanying Executive Liability

As CPW has been tracking, data privacy is a priority of the Federal Trade Commission (“FTC”). A proposed settlement agreement entered into between the FTC and a lead generation company underscores this point, as well as the heightened risk for executives at companies who fail to adhere to applicable privacy regimes.  Read on to learn more.

By way of background, the FTC filed a Complaint on January 5, 2022 for penalties, a permanent injunction, and other relief against ITMEDIA SOLUTIONS LLC (“ITMedia Solutions”), a lead generation company, and its wholly owned subsidiaries, as well as against several of the companies’ executives in their individual capacities. The FTC will generally file a Complaint if it has reason to believe that named defendants are violating or will violate the law and the Commission determines that a proceeding is in the public interest.

The FTC alleged in the Complaint that since at least 2012, ITMedia created and operated at least 200 distinct websites encouraging consumers to complete online loan applications that would be circulated to a select group of lenders for loan offers. These loan applications would include consumers’ PII, such as their birthdates, Social Security numbers, bank routing numbers, account numbers, and other information, and ITMedia included representations on its websites that this information would only be used by lenders for loan offers. In fact, as alleged in the Complaint, ITMedia sold consumers’ information as leads to various entities that were not all lenders or did not all offer loan products, such as marketers, debit card sellers, debt negotiation and credit repair services.

The FTC’s Complaint alleges that at least 84 percent of ITMedia’s consumers had their information sold to nonlenders or used for marketing purposes. Additionally, the Complaint alleges that ITMedia indiscriminately shared consumers’ PII and other sensitive information by broadly sharing consumer information with various entities, regardless of how the entities represented that they would use that information, and failing to mask sensitive information that was distributed to prospective buyers.

Notably, the Complaint also alleges that individual executives of ITMedia were liable because they reviewed ITMedia’s representations to consumers, negotiated or signed contracts to sell consumer information, or participated in lead distribution, or because they remained willfully ignorant of those activities occurring. One of the individuals named as a defendant served as the chief executive of one of ITMedia’s subsidiaries and another as its general counsel. In a concurring statement, Commissioner Christine S. Wilson expressed concern that overzealous pursuit of individual executive liability could serve as a deterrent and should be used scrupulously, particularly with respect to in-house counsel or other legal executives.

On January 6, 2022, the FTC and defendants stipulated to the entry of an order for permanent injunction and judgment. Although the stipulated order still has to be approved and signed by United States District Judge Dale S. Fischer of the Central District of California, this settlement held several individuals liable for unlawful practices in the course of their lead generation activities: the founders, the vice president of business operations, the owners of ITMedia-affiliated LLCs, and the general counsel and chief compliance officer. The FTC, including Commissioner Wilson, reasoned that since the general counsel and chief compliance officer frequently acted in a business capacity, holding him personally liable was justified under the law and “necessary to achieve effective relief.”

The settlement prohibits the defendants from (1) misrepresenting when and why they share consumer’s Personal Information, (2) selling or transferring Personal Information unless the consumer requested a financial product or service (i.e. loan, credit card, credit repair…), and (3) misusing consumer reports, among other prohibitions. The defendants also agreed to (1) screen recipients of a consumer’s sensitive personal information to verify the legitimate need for such information, (2) comply with various compliance reporting and record keeping requirements, (3) destroy and instruct recipient entities to destroy consumer Personal Information obtained prior to the entry of the order, and (4) pay $1,500,000 in civil penalties.

The FTC’s authorities allow it to impose civil penalties of up to $46,517 per violation of Section 5 of the FTC Act, up from last year’s maximum of $43,792. This settlement follows the recent trend of the FTC seeking civil penalties following the Supreme Court’s decision in AMG Capital.

This case is a warning shot to other similarly situated entities—particularly in regards to the actions taken here in regards to company leadership and in-house counsel. As consumer data privacy remains a FTC priority going forward, readers should anticipate more developments along these lines at the enforcement level. Not to worry, CPW will be there to keep you informed every step of the way. Stay tuned.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 11
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Kyle Dull Data Privacy & Cybersecurity Lawyer Squire Patton Boggs Miami Florida
Associate

A former assistant attorney general, Kyle has extensive experience investigating and litigating privacy and advertising law violations. He now draws on that experience to advise clients on their own data privacy, cybersecurity and advertising risks, and is regularly retained by corporations to defend and resolve enforcement actions.

Kyle has a solid understanding of domestic and international privacy laws and counsels digital media companies looking to protect their digital property and avoid potential legal issues by negotiating and drafting licensing, joint venture and data...

+1 305 577 2840
Christina Lamoureux Litigation Attorney Squire Patton Boggs Washington DC
Associate

Christina Lamoureux is an associate in the Litigation Practice in the Washington DC office. She represents a wide variety of clients in complex commercial matters.

Admissions

  • District of Columbia, 2020

Related Services

  • Litigation
202-457-6095
Advertisement
Advertisement
Advertisement