On October 22, 2012 The FTC issued a press release saying Compete deceived Consumers, failed to safeguard sensitive data it collected and has settled data and privacy charges. The FTC said Compete’s web-tracking software collected personal data without disclosing the extent of the information that it was collecting. According to the FTC, Compete’s tracking software collects the browsing behavior data of millions of consumers, generates reports based on the collected browsing behavior data, and then sells these reports to clients who aim to improve website traffic and sales. In the matter of Compete, Inc., a public statement from the FTC can cause tremendous brand and reputation challenges even when managed well.
At the bottom of Compete’s website, in the footer of the website before Compete’s copyright notice, in very tiny letters it says:
If you installed software from Compete, such as Consumer Input, the software has collected and transmitted information to Compete as described here. You may always uninstall the software by following the instructions provided here.
Both of the links above take you to Compete’s Consumer Input website where Compete acknowledges sensitive personal information (e.g., credit card and Social Security numbers) were collected as the FTC’s charges.
Compete went on to add:
“the privacy filters used with versions of the software installed prior to February 1, 2010 may not have sufficiently prevented the transmission to Compete of certain personally identifiable and sensitive information such as information consumers communicated on secure web pages (e.g., https), including credit card numbers, financial account numbers, security codes and expiration dates, usernames, passwords and Social Security numbers. Such inadvertently collected information may have been transmitted to Compete, however, Compete did not knowingly use any such inadvertently collected information in its services. Since that time Compete has made significant improvements to our software and has removed all such inadvertently collected information from our database that our algorithms have identified.”
The FTC’s proposed settlement requires “Compete obtain consumers’ express consent before collecting any data from Compete software downloaded onto consumers’ computers, that the company delete or anonymize the use of the consumer data it already has collected, and that it provide directions to consumers for uninstalling its software.” Anytime personal information is collected without consent or knowledge and this failure is made public, it makes consumers uneasy and breeds distrust of the professional(s) or organization(s) compromising consumer privacy.
Federal Trade Commission (FTC)
As a reminder, the FTC works on behalf of consumers to “prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.” The FTC issues administrative complaints when it believes the law is or was violated, and if the FTC believes that doing so is in the public interest, even though an administrative complaint doesn’t mean the individual or organization in question has actually violated law(s). According to the FTC, a consent agreement is purely for settlement purposes and isn’t an admission of guilt the law has been violated. However, when the FTC issues a final consent order, “it carries the force of law with respect to future actions” and each violation can result in a civil penalty of up to $16,000. In a nutshell, this means the FTC has quite the job keeping consumers safe during these connected and mobile times.
The Federal Trade Commission’s proposed settlement requires Compete to completely disclose the information collected and get consumers’ consent prior to collecting consumers’ data going forward. In addition, as part of the settlement Compete must be transparent about the company’s privacy and data security practices. Compete must also implement a “comprehensive information security program with independent third-party audits every two years for 20 years.”
In a previous post I wrote about the Federal Trade Commission’s Consumer Privacy Report, defined what a data breach is and how data breaches are serious consumer privacy and data security issues. Organizations accessing, collecting or handling consumer information must be diligent and remain aware of how they collect, store and manage digital information…or deal with the consequences.
The Federal Trade Commission’s Proposed Consent Agreement and Request for Public Comments are open until November 19, 2012.