This week the FTC once again demonstrated that they aggressively enforce compliance with those regulations for which they have responsibility.
In their press release, “FTC Announces Law Enforcement Crackdown on Do Not Call Violators” they detail their recent actions against six organizations for non-compliance with the Do Not Call (DNC) registry requirements. The involved settlements totaled close to $7.7 million in civil penalties. In addition to the following, actions against Global Mortgage Funding are pending.
Here is an overview of the non-compliance activities and associated fines/penalties:
1) Craftmatic. Penalty applied: $4.4 million. Why? They worked with a third party, Eric Krafstow, to run sweepstakes promotions offering consumers who filled out an entry form the chance to win a Craftmatic bed. The sweepstakes form indicated that the consumers‚Äô telephone number was their entry number. Craftmatic subsequently placed tens of thousands of calls to consumers who entered the sweepstakes, even though the form did not indicate that by filling it out they would receive sales calls, and the company did not seek their express consent to call them. Additionally, Craftmatic “did not connect consumers to a live representative within two seconds of when consumers said ‚Äúhello,‚Äù leaving them to find only dead air upon answering” and Craftmatic did not honor consumers’ requests to be put on their do-not-call list.
2) ADT. Penalty applied: $2 million 3) Alarm King. Penalty applied: $20,000 of a $2.3 million suspended judgment to settle FTC accusations & 4) DSS. Penalty applied: $25,000. Why? “ADT marketed its security systems directly to consumers and through authorized dealers, which used a variety of marketing techniques, including telemarketing. In telemarketing its services, ADT, Alarm King, and Direct Security Services each called consumers whose numbers were on the DNC Registry.” This is an important point; the authorized dealers used their own telemarketers, but the FTC found ADT is liable for those calls since the telemaketers were making the calls on behalf of ADT.
5) Ameriquest. Penalty applied: $1 million & ensure lead generators tell consumers that they may be contacted by Ameriquests. Why? “Ameriquest’s telemarketers improperly called consumers on the Registry whose numbers had been obtained from third-party lead-generators. The lead generators enticed consumers to provide their contact information, including phone numbers, using Web sites that offered information on financial and other products.” Because the people on the list did not initiate contact with Ameriquest specifically, the FTC did not have an ‚Äúestablished business relationship‚Äù with them, so the calls were illegal. Ameriquest also did not honor consumers’ request to be put on their do-not-call list. making calls to registered numbers illegal. Ameriquest also allegedly also ignored consumers‚Äô requests to be placed on its entity-specific do not call list.
6) Guardian Communications. Penalty applied: Judgment was for $7.95 million, but the FTC settled for $150,000 because the company could not pay any more. Why? “The FTC charged Guardian, U.S. Voice Broadcasting, and their principal, Kevin Baker, with violating the Registry rules related to the use of pre-recorded messages…Guardian ‚Äúblasted‚Äù phone numbers with pre-recorded telemarketing pitches, immediately terminating calls when a live consumer answered, leaving ‚Äúdead air‚Äùand giving them no opportunity to ask to be placed on the company’s entity-specific no-call list.” Guardian also sent bogus Caller ID information to consumers.
34 cases have been filed against organizations for violations of the DNC requirements since it went into effect in 2003.
Are your marketing areas in compliance with the DNC requirements? Check with them to find out!
Compliance for the DNC requirements require involvement from the information security area (to ensure appropriate access controls and related policies), privacy (to ensure proper notice and related communications to consumers and customers as they apply to their PII), and IT (to make the programming and systems changes as directed by information security and privacy areas).
Just some of the important lessons to take from these judgments include:
* Your company can, and demonstrably likely will, be held liable for the illegal activities of your contracted business partners. If you have contracted another company to do your marketing, be sure they are not breaking laws that will result in hefty fines to your organization.
* You must tell consumers what you are going to do with personally identifiable information (PII) you collect from them. Make sure you have policies in place requiring notice to be given to consumers explaining all the actions that your organization plans to do with the PII you collect from consumers and customers.
* You must honor requests to put individuals on your do not call list. Make sure you have policies in place requiring all areas of your company, and your business partners doing marketing on your behalf, to put consumers on teh do not call list at their request.
* Provide awareness and training about how to give notice. Make sure your marketing and sales folks have procedures in place to give notice to consumers for what they plan to do with the information they collect from them.
* Provide awareness and training about how to put consumers and customers on your do not call list. Make sure your marketing and sales folks have procedures in place to implement requests from consumers to put their names on your do not call list.
Tags: ADT, Alarm King, Ameriquest, awareness and training, Craftmatic, Do Not Call, DSS, FTC, Global Mortgage Funding, Guardian Communications, Information Security, IT compliance, policies and procedures, privacy, privacy training, risk management, security training