The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.