FTC: Businesses Exposed Sensitive Consumer Data
PRIVACY LAW—U.S.June 7, 2012
The Federal Trade Commission (FTC) has announced settlements with two businesses for "illegally exposing the sensitive personal information of thousands of consumers by allowing peer-to-peer file-sharing software to be installed on their corporate computer systems." The FTC alleged that Utah-based debt collector EPN, Inc., "failed to implement reasonable security measures for personal information on its computers and networks," allowing "sensitive information including Social Security numbers, health insurance numbers and medical diagnosis codes of 3,800 hospital patients to be made available to any computer connected to the P2P network." In a separate case, the FTC contended that Georgia-based Franklin's Budget Car Sales, Inc., "compromised consumers' personal information by allowing P2P software to be installed on its network, which resulted in sensitive financial information being uploaded to a P2P network." As part of the settlements, both companies are required to "establish and maintain comprehensive information security programs."