Tag Archives: Penalty

UK ICO Fines Spammers Nearly Half Million Pounds

Posted on November 29, 2012 by Hunton & Williams LLP

On November 28, 2012, the UK Information Commissioner’s Office (“ICO”) issued monetary penalties totaling £440,000 to two owners of a marketing company that sent millions of unlawful spam SMS text messages over a period of three years.

Continue reading…

Tags: Christopher Graham, Data Controller, Data Protection Act, Enforcement, European Union, Information Commissioners Office, International, Marketing, Penalty, Text Message, United Kingdom

FTC Settles Charges of Improper Disposal of Personal Information

Posted on November 8, 2012 by Hunton & Williams LLP

On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint, the FTC maintained that PLS Financial Services, Inc., and The Payday Loan Store of Illinois violated the FTC’s Disposal Rule as well as the Gramm-Leach-Bliley Act’s Privacy Rule and Safeguards Rule by disposing of documents that contained consumers’ Social Security numbers, bank account numbers and credit reports in unsecured dumpsters near the companies’ payday lending and check cashing retail stores. The FTC also alleged that the companies violated the FTC Act by misrepresenting that they would reasonably protect consumer information.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, Illinois, Penalty, Social Security Number, U.S. Federal Law

UK ICO Fines Private Sector Financial Organization Over Customer Data Mix-Up

Posted on November 8, 2012 by Hunton & Williams LLP

On October 29, 2012, the UK Information Commissioner’s Office (“ICO”) served private sector financial services company The Prudential Assurance Company Limited (“Prudential”) with a monetary penalty of £50,000 in connection with a serious violation of the Data Protection Act 1998 (“DPA”). The violation concerned a mix-up involving Prudential customer details. In March 2007, the customer records of two individuals who shared the same first name, surname and date of birth were mistakenly merged into a single customer record. Over the course of the following three years, mortgage and pension policy information relating to each customer was routinely sent to the wrong individual until Prudential took steps to separate the two customers’ records in September 2010.

Continue reading…

Tags: Data Controller, Enforcement, European Union, Financial Privacy, Information Commissioners Office, International, Penalty, Security Breach, United Kingdom

UK ICO Fine Reinforces Public Sector Compliance Concerns

Posted on October 29, 2012 by Hunton & Williams LLP

On October 23, 2012, just two weeks after issuing a series of reports highlighting the UK Information Commissioner’s Office’s (“ICO’s”) concerns regarding data protection compliance within the public sector, the ICO has imposed a monetary penalty of £120,000 and issued an enforcement notice against Stoke-on-Trent City Council (“Stoke Council”) in relation to a serious data breach. The breach involved the transmission of sensitive personal information related to a child protection case by email in an unmarked and unprotected manner to the incorrect email address.

Continue reading…

Tags: Christopher Graham, Enforcement, European Union, Information Commissioners Office, International, Penalty, Security Breach, United Kingdom

Equifax and Its Customers to Pay $1.6 Million to Settle FTC FCRA Enforcement Action

Posted on October 16, 2012 by Hunton & Williams LLP

On October 10, 2012, the Federal Trade Commission announced that consumer reporting agency Equifax Information Services LLC (“Equifax”) and several of its customers, including Direct Lending Source, Inc. (“Direct Lending”), have agreed to pay a combined total of nearly $1.6 million to settle FTC allegations that they violated the Fair Credit Reporting Act (“FCRA”) in connection with the sale of data regarding consumers in financial distress. According to the FTC, Equifax sold Direct Lending and its affiliates lists of individuals who met selected criteria (known as “prescreened lists”); the lists contained information such as credit scores and mortgage payment status. In its complaint, the FTC alleges that Direct Lending and its affiliates did not have a legally permissible purpose under the FCRA to obtain the prescreened lists because they had no intention to use the lists to make firm offers of credit. Instead, these entities allegedly resold the lists to third parties that used the lists for marketing purposes. The FTC alleges that Equifax had inadequate procedures to prevent this from happening and that it failed to properly investigate when it learned that Direct Lending was engaged in these activities.

Continue reading…

Tags: Consent Order, Enforcement, FCRA, Federal Trade Commission, Marketing, Penalty

Artist Arena Agrees to Settle FTC COPPA Violation Charges

Posted on October 5, 2012 by Hunton & Williams LLP

On October 4, 2012, the Federal Trade Commission announced that Artist Arena LLC (“Artist Arena”), an operator of fan websites for several popular recording artists, agreed to settle charges that it violated the Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule (“the Rule”) by improperly collecting personal information from children under the age of 13 without first obtaining verifiable parental consent. The settlement will impose a $1 million penalty on Artist Arena, bar future violations of the Rule and require deletion of the information collected in violation of the Rule.

Continue reading…

Tags: Consent Order, COPPA, Enforcement, Federal Trade Commission, Jon Leibowitz, Online Privacy, Penalty

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Facilities

Posted on September 19, 2012 by Hunton & Williams LLP

On September 17, 2012, the Department of Health and Human Services (“HHS”) announced a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (“MEEI”) for potential violations of the HIPAA Security Rule. In connection with the announcement, the HHS Office for Civil Rights (“OCR”) Director Leon Rodriguez stated that organizations should pay special attention to safeguarding information “stored and transported on portable devices such as laptops, tablets, and mobile phones” and that “compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.”

Continue reading…

Tags: Department of Health and Human Services, Enforcement, Health Privacy, HIPAA, HITECH Act, Massachusetts, Penalty, Protected Health Information, Security Rule

Far-Reaching Implications of Recent FCRA Enforcement Actions

Posted on August 23, 2012 by Hunton & Williams LLP

On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. At first blush, the case may appear to be a simple FCRA matter – the FTC alleged that HireRight functioned as a consumer reporting agency when providing employment screening services to companies, but then failed to take steps to assure the accuracy of those reports and prevented consumers from dispute inaccurate information. Despite initial appearances, however, the case has broader geopolitical implications.

Continue reading…

Tags: Centre for Information Policy Leadership, Consumer Protection, Enforcement, Fair Information Practice Principles, FCRA, Federal Trade Commission, International, Penalty, Workplace Privacy

FTC Fines Employee Background Screening Company $2.6 Million for Alleged FCRA Violations

Posted on August 10, 2012 by Hunton & Williams LLP

On August 8, 2012, the Federal Trade Commission announced a settlement agreement with employment screening company HireRight Solutions, Inc. (“HireRight”). In its first enforcement action against an employment background screening company for Fair Credit Reporting Act (“FCRA”) violations, the FTC alleged that HireRight functioned as a consumer reporting agency, but failed to comply with certain FCRA requirements. The proposed consent order imposes a $2.6 million penalty on HireRight and requires the company to remedy the alleged FCRA violations, create and retain certain records and submit reports to demonstrate compliance.

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Penalty, Workplace Privacy

Divergent Results for Class Action Text Message Spam Suits

Posted on August 8, 2012 by Hunton & Williams LLP

In recent months we have seen a dismissal and two settlements in class action suits alleging violations of the Telephone Consumer Protection Act (“TCPA”) by companies that used text messaging as part of advertising campaigns. The TCPA is a federal privacy law that imposes restrictions on telephone solicitations, including telemarketing calls and text messages.

Continue reading…

Tags: California, Class Action, Consumer Protection, Litigation, Marketing, Penalty, Telemarketing, Telephone Consumer Protection Act, Text Message, U.S. Federal Law