Lead Generator that Agrees to Pay $1.5M FTC Penalty for Allegedly Misusing Consumer Data
A lead generation company that allegedly collected sensitive information from millions of consumers under the guise of connecting them with lenders will pay $1.5M in civil penalties as a result of a Federal Trade Commission lawsuit.
The FTC’s complaint alleges that since at least 2012, ITMedia Solutions LLC, a number of affiliate companies, and their owners and officers have operated hundreds of websites that were designed to entice consumers into sharing their most sensitive financial information – including their Social Security numbers and bank account information. The defendants purportedly sold that information to marketing companies and others without regard for how the information would be used.
“ITMedia tricked millions of people into giving up sensitive financial information and then sold it to companies that were not making loans,” said FTC attorney Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The company’s extraction and misuse of this data broke the law in several ways.”
The suit alleges that the defendants – who have used cashadvance.com, personalloans.com, badcreditloans.com and websites with similar names – promised consumers that their information would be shared with “… our network of trusted lenders…” or would “… only be shared with qualified lenders.” Some websites allegedly promised that loans were available for people with bad credit histories without credit score requirements.
In its complaint, the FTC also alleges that 84% of the loan applications collected through these websites since January 2016 were not sold to lenders, but instead disseminated to an array of marketers, debt relief and credit repair sellers, and companies that would resell consumers’ information without regard for how the information would be used.
According to the complaint, in many instances, ITMedia was not even aware of the purpose for which a company was buying consumers’ data, or at times even the physical location of the company.
ITMedia allegedly sold consumers’ information to a group of companies that were sued by the FTC last year for purportedly marketing payday loan products that overcharged consumers by tens of millions of dollars.
The complaint alleges that the harm to consumers from ITMedia’s “indiscriminate” selling of consumer data was substantial, putting them at risk for identity theft and scams.
In addition to allegations of misleading consumers and selling their data without permission, the complaint also alleges that ITMedia violated the Fair Credit Reporting Act by unlawfully obtaining and reselling the credit scores of consumers who submitted information.
The FCRA limits the purposes for which businesses can obtain credit scores and using scores to market leads is not a permissible purpose.
The defendants agreed to settle the FTC charges against them and, in addition to the civil penalty, the proposed settlement order will prohibit the defendants from making misleading statements to consumers, including about how their personal information will be used. The order will also prohibit the defendants from selling consumers’ personal information outside of a limited set of circumstances, and the order requires them to screen the recipients of that information.
FTC lawyer and Commissioner Christine S. Wilson issued a concurring statement addressing the issues of individual liability for those that participate directly in the deceptive practices or have authority to control those practices. This broad standard effectively could enable the Commission to hold individually liable most senior executives holding positions at companies against which enforcement action is initiated. The FTC also can establish liability for monetary relief by showing the defendant had actual knowledge of the deceptive conduct, was recklessly indifferent to its deceptiveness, or had an awareness of a high probability of deceptiveness and intentionally avoided learning the truth,” Commissioner Wilson stated.
Interestingly, here, given the facts, Commissioner Wilson also stated that she believes it appropriate to hold the general counsel individually liable because he allegedly frequently acted in a business capacity (i.e., allegedly participated in the challenged conduct as a business manager rather than as a lawyer).
This matter should be of interests to digital marketers and online lead generators. Contact an experienced FTC defense lawyer if you are interested in discussing the design and implementation of contractual and other lead generation compliance measures in order to minimize potential liability exposure.
Informational purposes only. Not legal advice. May be considered attorney advertising.