A California-based lead generation company recently settled with the FTC for $1.5 million over alleged privacy violations. The FTC argued that the company deceptively acquired consumer personal information and improperly shared this information with various entities under the guise of connecting consumers with lenders.  Information in question included Social Security numbers and bank account information.

As covered in our sister blog, according to the complaint, the company operates hundreds of websites encouraging consumers to complete online loan applications. It represented that it would send those applications only to a “trusted network of lenders.” The company made many representations about the limits of its sharing. Despite these promises, the FTC alleged, the company sold consumers’ information to non-lender marketers, debit card sellers, debt negotiation and credit repair services. This sharing constituted deception under Section 5 of the FTC Act.

The company also failed to impose use restrictions on the information sold and, in many instances, was not aware of the purposes for which companies were purchasing the consumers’ information. These acts constituted unfair practices under Section 5.  The FTC’s complaint also alleged that the company unlawfully obtained and resold the credit scores of consumers in violation of the Fair Credit Reporting Act.

Putting it into Practice: This case highlights the FTC’s ongoing focus on ensuring companies are following their stated practices, especially when it involves sharing sensitive information with third parties.