Free registration is required to access these resources. Login or Register.

Premium compliance products are also available in the insideARM Store

Following a public comment period, the Federal Trade Commission has accepted as final a settlement with a debt collection agency it charged with illegally exposing the sensitive personal information of thousands of consumers by allowing peer-to-peer file-sharing software to be installed on its corporate computer system.

The settlement with Utah-based debt collector EPN, Inc. will bar misrepresentations about the privacy, security, confidentiality, and integrity of any personal information collected from consumers.  The company also must establish and maintain a comprehensive information security program.

The FTC initially announced the settlement in June. The FTC alleged that EPN, Inc. – doing business as Checknet, Inc. — a debt collector based in Provo, Utah, failed to implement reasonable security measures for personal information on its computers and networks. As a result of these failures, EPN’s chief operating officer was able to install P2P file-sharing software on her EPN desktop, which, in 2008, caused a file containing sensitive information including Social Security numbers, health insurance numbers, and medical diagnosis codes of 3,800 hospital patients to be made available to any computer connected to the P2P network.

According to the agency, the failure to implement reasonable and appropriate data security measures was an unfair act or practice and violated federal law.

“This was an unfortunate incident that was immediately corrected,” said Jessica Devenish, CEO of Checknet. “Since, we have learned considerably in terms of improving our security and infrastructure and stand behind our model today. We have never operated out of arrogance or neglect and we will now continue to operate with our clients and their consumers in mind.”

The company also noted that the incident that led to the FTC complaint was a one-time, isolated event that involved a limited number of records of one particular client. The client contacted Checknet in April 2008 to tell them that the file was available on a P2P network. Checknet immediately removed the P2P network access from the computer.

The settlement in a separate case with the same allegations was also finalized. The FTC charged that auto dealer Franklin’s Budget Car Sales, Inc., also known as Franklin Toyota/Scion, of Statesboro, Georgia, compromised consumers’ personal information by allowing P2P software to be installed on its network, which resulted in sensitive financial information being uploaded to a P2P network.


Related Products

Telephone Communication Compliance: The CFPB's Consent Orders Thumbnail

Telephone Communication Compliance: The CFPB's Consent Orders

Our Telephone Communication Compliance: The CFPB’s Consent Orders guide is designed to help debt collectors comply with consent orders that hint at telephone communication violations. The report includes easy-to-understand explanations of each consent order and a comprehensive chart of all relevant consent orders, keeping the information you need right at your fingertips! This paper has been excerpted from insideARM's larger "The CFPB's Consent Orders Regulating the ARM Industry" report, available for sale now.

Staying Compliant – and Out of Court – with the TCPA Thumbnail

Staying Compliant – and Out of Court – with the TCPA

This reference guide distills the information presented in our webinar. It comes complete with a link to the full recording of the webinar – great for use for all-staff trainings and quarterly in-services -- as well as the slide deck and full transcript of the webinar. This guide doesn’t just walk through what agencies should and should not be doing, going forward -- it contains the full Q&A from the webinar, too. (This product is approved for DBA International Certification Credit.)

The CFPB's Consent Orders Regulating the ARM Industry Thumbnail

The CFPB's Consent Orders Regulating the ARM Industry

Our guide on The CFPB’s Consent Orders Regulating the ARM Industry is the first report of its kind designed to help debt collectors comply with consent orders. The report includes easy-to-understand explanations of each consent order and a comprehensive chart of all relevant consent orders, keeping the information you need right at your fingertips! This report will be updated quarterly.

UPDATED! CFPB’s Advice to the Consumer (through March 2016) Thumbnail

UPDATED! CFPB’s Advice to the Consumer (through March 2016)

The Consumer Financial Protection Bureau hosts more than 80 of the most common consumer questions about debt collection on its Ask CFPB website. And since the Bureau was created for the sole purpose of representing and protecting consumers, debt collectors need to know how the CFPB communicates with them. That’s why insideARM compiled the answers to all 88 questions in one user-friendly report. Using the CFPB’s guidance as a model for your own compliance priorities, policies and procedures means your company will be able to keep up with the Bureau before it feels the need to examine your agency. ALL ANSWERS UPDATED THROUGH MARCH 2016.

Advertisement