The Federal Trade Commission announced a settlement concerning the privacy of financial data:
Teletrack, Inc. has agreed to pay $1.8 million to settle Federal Trade Commission charges that it sold credit reports to marketers, in violation of the Fair Credit Reporting Act (FCRA). This settlement seeks to protect consumers’ privacy by ensuring that their sensitive credit report information is not sold for marketing purposes.
According to the FTC’s complaint, as part of its business Teletrack sells credit reports and other services to businesses – such as payday lenders, rental purchase stores, and non-prime rate auto lenders – that mainly serve financially distressed consumers. These businesses use Teletrack’s credit reports to decide whether and on what terms to provide credit to their customers.
The complaint alleges that Teletrack created a marketing database of information that it gathered through its credit reporting business. It then sold the information in this database – including lists of consumers who had applied for non-traditional credit products – to marketers. For example, Teletrack sold lists of consumers who previously sought payday loans to third parties that wanted to use this information to target potential customers. The FTC’s complaint alleges that these marketing lists were credit reports under the FCRA because they contained information about a consumer’s creditworthiness. The FTC charges that Teletrack violated the FCRA, which makes it illegal to sell credit reports without a specific “permissible purpose” under the statute; marketing is not a permissible purpose. […]
The settlement order resolving the FTC’s charges requires Teletrack to furnish credit reports only to those people that it has reason to believe have a permissible purpose to receive them under the FCRA, or as otherwise allowed by the FCRA. It also requires Teletrack to pay a civil penalty of $1.8 million, and contains reporting and record-keeping requirements to ensure the company’s compliance with the decree.