Equifax Settles Charges of Unauthorized Sale of Consumer Mortgage Data

Earlier this month, the Federal Trade Commission announced a settlement with consumer reporting agency Equifax and a data reseller over the unauthorized sale of lists containing the names of mortgage holders, a violation of the Fair Credit Reporting Act. Alison Finnegan at law firm Schnader explains:

“According to the [FTC] charges, Equifax sold lists of people who met selected criteria, including ‘sensitive information such as credit scores and whether they were 30, 60 or 90 days late on their mortgage payments.’ The purchasers allegedly included Direct Lending Source, Inc., a Florida corporation, and its affiliates, Bailey & Associates Advertising, Inc. and Virtual Lending Source. According to the FTC, Direct Lending and its affiliates did not have a legally permissible purpose to obtain the prescreened lists.”

The settlement sends a clear signal that the FTC is serious about protecting sensitive financial information. For companies in the credit reporting business, three takeaways:

1. The cost of violating consumer privacy is going up:

“The [Credit Reporting Agency] will pay $393,000 to resolve allegations that it violated the FTC Act by failing to implement procedures to prevent the sale of lists of consumer information to firms that should not have received them. The resellers agreed to pay a $1.2 million civil penalty and will be barred from using or selling prescreened lists without a permissible purpose, or in connection with solicitations for debt relief or mortgage assistance relief products or services.” (BuckleySandler)

2. Using consumer credit information to target marketing efforts is prohibited:

“The complaint alleged that … the purchasers resold the lists to third parties who used the lists to market products and services aimed at financially distressed consumers, such as loan modification, debt relief, and foreclosure relief services. The FTC charged that the [Credit Reporting Agency] had violated the FCRA by furnishing consumer reports to someone without a ‘permissible purpose,’ and the purchasers had violated the law by obtaining and using such reports without a ‘permissible purpose.’” (Ballard Spahr)

3. The burden is on credit reporting agencies to ensure authorized use of their data:

“As outlined in the FTC’s allegations, reasonable efforts for entities that provide consumer reports include identifying each end user, certifying each purpose for which the consumer reports would be used or certifying that the consumer reports would be used only for a permissible purpose, namely, to make ‘firm offers of credit or insurance.’” (Schnader)

Read the updates:

Follow @FTC_Watch on Twitter>>