Dealing in personal data? Seller beware.

Share This Page

If your company is in the business of pretzels or pitchforks, what you’re selling and who you’re selling to may not be a big deal. But if your stock-in-trade is personal information – sensitive stuff like people’s Social Security and bank account numbers – what’s reasonable under the circumstances may be different. That’s the message companies can take from the FTC’s settlement of a pending complaint against data broker LeapLab.

Cash-strapped consumers are likely to look online for a way out of their financial fix, including visiting sites that claim to offer help in getting payday loans. In the course of the application process, consumers are asked to turn over sensitive personal information – lots of it. According to the FTC, the defendants went to the companies running those sites and acquired hundreds of thousands of applications that contained the name, address, phone number, employer, Social Security number, bank account number, and routing number of people looking for loans.

Was LeapLab a lender? No. The FTC says data broker LeapLab sold about 5% of the applications it acquired to online lenders, who paid the company between $10 and $150 per lead.

So what did LeapLab do with the remaining 95%? They sold them for $.50 a shot to third parties who also weren’t lenders. According to the complaint, those buyers had no legitimate need for the financial information. In fact, at least one of LeapLab’s customers, Ideal Financial Solutions, used the information to help themselves to millions of dollars from consumers’ bank accounts without the account holder’s authorization – conduct that resulted in an FTC lawsuit and substantial injury to people who were already in financial distress.

The settlement prohibits LeapLab, corporate officer John Ayers, and Leads Company from selling or transferring consumers’ sensitive personal information to third parties, misleading consumers about the likelihood of getting a loan or line of credit, or misrepresenting the terms of any loan offer. In addition, they have to destroy all consumer data in their possession.

Defendants agreed to judgments of $5.7 million, which have been suspended based on their financial condition. The court entered an unsuspended $4.1 million default judgment against SiteSearch, the remaining defendant in the case.

Recent FTC workshops, reports, and law enforcement actions have explored the work of data brokers and lead generators. These settlements offer insights into the consumer protection concerns when those two industries intersect. The cases also illustrate the risks of selling consumers’ sensitive personal information to parties without a legitimate need.

 

 

Comments

Without any legal or other "need" and despite an abundance of ridiculous disclaimers, is any information available from the Internet reliable in any shape or form, and if not reliable, why is the content even available? Seems like it is a perfect vehicle to exploit and destroy lives. Of course outlawing such activity is pointless because the Internet is without judicial regulation. Anyone can say anything, despite harm it may cause. Remedies are useless once impressions are "made". How can one honestly say info and data gathered on an individual wasn't used against them. If authors can't be trusted and content can't be verified, why should it be allowed to be posted? Further, if posted, why should anyone be held harmless?

A new twist can't however in retrospect ,companies have who claim to be lenders done this tort of a crime.Its unfortunate that such a direction was taken all for the love of and opportunity to make some extra dough with each end party benefiting.

how do i file a complaint. I have been thru h*(*

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.