brought by the FTC and HHS for violating consumer and medical privacy laws. CVS had allegedly been disposing of patient information via unsecured trash containers. (FTC File No. 072 3119). In re TJX, Inc. (2008). The parent company of several major retailers, in settling charges of failing to adequately protect customers’ credit card numbers, agreed to allow comprehensive audits of its data security system for 20 years. TJX was accused of storing unencrypted sensitive information, failing to limit unauthorized wireless access to networks, and not employing appropri-ate security safeguards. (FTC File No. 072-3055). In re Choicepoint (2006) . A database owner and data broker, agreed to pay $15 million to settle charges filed by the FTC for failing to adequately protect the data of millions of consumers. Choicepoint had failed to exercise proper credentialing procedures that resulted in fraudulent access of personal information and identity theft by those accessing the information. (FTC File No. 052-3069). In re Microsoft Corp. (2002) . (FTC File No. 0123240, M03) and In re Guess.com Inc. (2003) . (FTC File No. 0223260). In both of these actions, the FTC claimed that the companies misrepresented security protections on their websites and failed to provide even the most basic data security safeguards. No data was actually lost in either of these cases and there was no data breach. Still, the promise or misrepresentation of data security was sufficient for the FTC to take action. Neither Microsoft nor Guess paid a fine but they were required to establish extensive written security programs and remain open to privacy audits for 20 years. In re HireRight Solutions, Inc. (2012) (FTC File No. 102- 3130) (FTC File No. 102- 3130) Employment background checking company providing “consumer reports” failed to use reasonable procedures to assure the maximum possible accuracy of the information, failed to give consumers copies of the reports, and failed to investigate consumer disputes. It agreed to pay $2.6 million for FCRA violations in addition to other corrective actions.
29
Made with FlippingBook - Online Brochure Maker