The Federal Trade Commission announced that Gregory Navone of Las Vegas, Nevada, “a mortgage broker who discarded consumers’ personal financial records in a publicly- accessible dumpster paid a $35,000 civil penalty to settle.” Navone and the FTC agreed to a stipulated final order, which is “for settlement purposes only and [does] not constitute an admission by the defendant of a law violation,” the FTC said.
According to an FTC complaint filed in December 2008, the defendant improperly disposed of about 40 boxes of sensitive consumer records collected by companies he had owned, including tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, and at least 230 credit reports. In addition, two mortgage brokerage companies he previously owned [First Interstate Mortgage Corporation and Nevada One Corporation] failed to provide reasonable and appropriate security for sensitive consumer information, despite promising they would do so.
The FTC charged the defendant with failing to take reasonable measures to protect credit report information from unauthorized access during its disposal, in violation of the Fair Credit Reporting Act and the FTC’s Disposal Rule. The complaint also charged him with violations of the FTC Act for his companies’ misrepresentations about their data security practices.
In addition to imposing a $35,000 penalty, the settlement order bars the defendant from misrepresenting measures taken to protect sensitive consumer information and failing to take reasonable measures to protect credit report information during its disposal. The order also requires him to employ a comprehensive information security program for sensitive consumer information, and to hire an independent, third-party security professional to review the program every year for 10 years to ensure that it meets or exceeds the order’s requirements.