Daily News and Information for the Mortgage Loan Originator
$50,000 Fine for Tossing Borrowers' Credit Reports in Dumpster
Wednesday, January 02, 2008
-
CHICAGO, IL - A mortgage company that left loan documents with consumers’ sensitive personal and financial information in and around an unsecured dumpster has agreed to settle Federal Trade Commission charges that it violated federal regulations. The FTC’s complaint alleges that Northbrook, Illinois-based American United Mortgage Company violated the Disposal, Safeguards, and Privacy rules by failing to properly dispose of credit reports or information taken from credit reports, failing to develop or implement reasonable safeguards to protect customer information, and not providing customers with privacy notices.
“Every business, whether large or small, must take reasonable and appropriate measures to protect sensitive consumer information, from acquisition to disposal,” FTC Chairman Deborah Platt Majoras said. “This agency will continue to prosecute companies that fail to fulfill their legal responsibility to protect consumers’ personal information.”
According to the FTC’s complaint, American United collects personal information about consumers, including Social Security numbers, bank and credit card account numbers, income and credit histories, and consumer reports. Since at least December 2005, the company engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for consumers’ personal information. Among other things, the company allegedly failed to implement reasonable policies and procedures requiring the proper disposal of consumers’ personal information, including consumer reports; to take reasonable actions in disposing of such information; and to identify reasonably foreseeable internal and external risks to consumer information. The company also allegedly failed to develop, implement, or maintain a comprehensive written information security program.
As a result of the company’s failures, the complaint alleges, on multiple occasions American United documents containing consumers’ personal information were found in and around a dumpster, near its office, that was unsecured and easily accessible to the public. In February 2006, for example, hundreds of such documents were found, many in open trash bags, including consumer reports for 36 consumers. In March 2006, FTC staff notified the company in writing about this situation, and on at least two occasions afterward, more such documents were found in and around the same dumpster.
The complaint charges American United Mortgage Company with violating the FTC’s Disposal Rule, which requires companies to dispose of credit reports and information from credit reports in a safe and appropriate manner, and the FTC’s Safeguards Rule, which requires financial institutions to take appropriate measures to protect customer information. The complaint also alleges that from July 1, 2001 until March 2006, the company failed to provide its customers with a privacy notice describing its information collection and sharing practices with respect to affiliated and non-affiliated third parties, as required by the FTC’s Privacy Rule.
The stipulated judgment and final order requires American United to pay a $50,000 civil penalty for violations of the Disposal Rule and prohibits the company from further violations of the Disposal, Safeguards, and Privacy rules. The settlement also requires American United to obtain, every two years for the next 10 years, an audit from a qualified, independent, third-party professional to ensure that its security program meets the standards of the order.
This is the FTC’s first Disposal Rule case and its 15th case challenging faulty data security practices by companies that handle sensitive consumer information.
Related
Articles :
Calling Leads Lands Mortgage Company in Hot Water The Federal Trade Commission and the US Department of Justice has settled another case involving Do Not Call violations by a mortgage company. The settlement includes a $426,782 civil penalty against USA Home Loans Inc. and its owner, David Vach.
FTC Alleges Ads For “Free” Credit Report Violate Federal Court Order Consumerinfo.com, doing business as Experian Consumer Direct, will pay $300,000 to settle Federal Trade Commission charges that ads for its "free credit report" offer failed to disclose adequately that consumers who signed up would be automatically enrolled in a credit- monitoring program and charged $79.95. The FTC alleged that the failure to clearly disclose the enrollment and charges violated a previous settlement.
Defunct Ameriquest and Global Mortgage Funding Part of Seven Million DNC Settlement The Federal Trade Commission announced a law enforcement crackdown on companies and individuals accused of violating the requirements of the National Do Not Call Registry, resulting in six settlements collectively imposing nearly $7.7 million in civil penalties, along with an additional complaint that will be filed in federal district court.
Mortgage Company Settles Data Security Charges A Texas-based mortgage lender has settled Federal Trade Commission charges that it violated federal law by failing to provide reasonable security to protect sensitive customer data. The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it. A hacker compromised the data by breaking into the home seller's computer, obtaining the lender's credentials, and using them to access hundreds of consumer reports.
