15 Actions/Penalties Brought By FTC Under GLBA + FTC Act

The FTC has long provided a great role model for other government oversight and enforcement agencies with regard to their activities in ensuring organizations follow data protection laws and also ensure organizations actually fulfill the promises they make within their published information security and privacy policies. It is too bad most of the other government agencies are not as diligent or nearly as effective in helping to ensure organizations sufficiently protect personally identifiable information (PII).
While doing some research today I compiled a list of the actions the FTC has taken, which I thought may be useful to some of you as well…


The FTC has brought 18 cases as data security actions since 2002
5 of the actions were brought under the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule:

  1. Sunbelt Lending Services Inc., 11/22/04
  2. Nationwide Mortgage Group Inc., 03/14/05
  3. Superior Mortgage Corporation, 10/3/05
  4. Nations Title Agency Inc. and Nations Holding Co., 05/15/06
  5. American United, 12/24/07

13 of the actions were brought under Section 5 of the FTC Act, for unfair and deceptive business practices:

  1. Eli Lilly and Co., 01/28/02
  2. Microsoft Corp., 08/12/02
  3. Guess.com, Inc., 06/23/03
  4. Tower Records, 04/26/04
  5. Petco, 11/22/04
  6. BJ’S Wholesale Club, 06/20/05
  7. DSW Inc., 12/5/05
  8. ChoicePoint, 01/30/06
  9. CardSystems Solutions, 02/27/06
  10. Guidance Software Inc., 11/20/06
  11. Life is Good, 01/21/08
  12. Goal Financial, 03/10/08
  13. ValueClick, 03/17/08

It is worth noting that in addition to these formal actions, the FTC has performed hundreds of investigations related to organizations having poor, lacking or misleading data protection practices. They have also indicated numerous times that they are planning to step up their actions.
Please let me know if there is any action taken by the FTC that I did not get onto this list!

Tags: , , , , , , , , , , ,

Leave a Reply