FTC ITMedia Settlement Over Misuse of Customer Information

On January 6, 2022, the Federal Trade Commission entered into a $ 1.5 million settlement with loan application company ITMedia Solutions LLC (“ITMedia”) for alleged violations of the FTC Act and the Fair Credit Reporting Act (“FCRA”) ). The FTC alleged that ITMedia deceptively acquired sensitive personal information from consumers and disclosed it indiscriminately, using the pretext of associating them with lenders.

Since 2012, ITMedia, operating under website names such as cashadvance.com, personalloans.com and badcreditloans.com, has allegedly solicited sensitive personal information from consumers, including social security numbers and bank account information, in order to connect them to ITMedia’s “Trusted Lenders Network.” In some of these sites, ITMedia reportedly promised no credit requirements for people with poor credit history.

The FTC claimed that 84 percent of the loan applications ITMedia has received since 2016 were sold as marketing tips to a variety of marketers, debt relief and loan repair sellers, and other unauthorized parties as opposed to lenders. In its complaint, the FTC alleged that ITMedia had failed to impose usage restrictions on the information it sold and, in many cases, was unaware of the purposes for which companies bought consumer information.

As a result of ITMedia’s alleged fraudulent practices, the FTC accused ITMedia of violating Section 5 (a) of the FTC Act, 15 USC Section 45 (a). The FTC’s complaint also alleged that ITMedia improperly acquired and resold consumers who submitted information in violation of Sections 604 and 607 of the FCRA, 15 USC Sections 1681b and 1681e. ITMedia neither admitted nor denied the allegations in the complaint, but agreed to settle the claims.

Under the proposed settlement arrangement, ITMedia will pay a civil penalty of $ 1.5 million. The settlement arrangement prohibits the company from engaging in a wide variety of activities, including:

  • Misleading consumers, particularly as to the purposes for which consumer data is collected and disclosed and the entities with which the data is shared;

  • Selling or disclosing sensitive consumer personal information unless certain requirements are met, including obtaining explicit informed consent;

  • use or obtain a consumer report for improper purposes; and

  • Violating appropriate procedures to ensure the lawful use of consumer reports or sensitive personal information collected or disclosed by ITMedia.

In addition, ITMedia is obliged to destroy all inadmissibly obtained sensitive personal data in its possession and to instruct all recipients of this information to do the same. ITMedia must submit a report within 90 days of the order and again one year thereafter confirming compliance with the billing order. The regulation also provides that ITMedia complies with certain recording and monitoring obligations.

Copyright © 2022, Hunton Andrews Kurth LLP. All rights reserved.National Law Review, Volume XII, Number 12

Leave a Comment

Your email address will not be published. Required fields are marked *