Loading ...
Sorry, an error occurred while loading the content.
 

ISPLA NEWS- Tracking Software Company Settles with FTC

Expand Messages
  • Peter Psarouthakis
    Tracking Software Company Settles FTC Charges That it Deceived Consumers and Failed to Safeguard Sensitive Data
    Message 1 of 1 , Oct 27, 2012
      <http://www.ftc.gov/opa/2012/10/compete.shtm> Tracking Software Company
      Settles FTC Charges That it Deceived Consumers and Failed to Safeguard
      Sensitive Data it Collected
      ( http://www.ftc.gov/opa/2012/10/compete.shtm)


      A web analytics company has agreed to settle Federal Trade Commission
      charges that it violated federal law by using its web-tracking software that
      collected personal data without disclosing the extent of the information
      that it was collecting. The company, Compete Inc., also allegedly failed to
      honor promises it made to protect the personal data it collected.


      Compete is a company that uses tracking software to collect data on the
      browsing behavior of millions of consumers, then uses the data to generate
      reports, which it sells to clients who want to improve their website traffic
      and sales.


      The proposed settlement will require that Compete obtain consumers' express
      consent before collecting any data from Compete software downloaded onto
      consumers' computers, that the company delete or anonymize the use of the
      consumer data it already has collected, and that it provide directions to
      consumers for uninstalling its software.


      According to the FTC, Compete got consumers to download its tracking
      software in several ways, including by urging them to join a "Consumer Input
      Panel" that was promoted using ads that pointed consumers to Compete's
      website, <http://www.consumerinput.com/> www.consumerinput.com. Compete
      told consumers that by joining the "Panel" they could win rewards while
      sharing their opinions about products and services, the FTC alleged. The
      company also allegedly promised that consumers who installed another type of
      its software-- the Compete Toolbar (from compete.com)-- could have "instant
      access" to data about the websites they visited.


      Compete also licensed its web-tracking software to other companies, the FTC
      alleged. Upromise, which licensed Compete's web-tracking software, settled
      similar FTC charges earlier this year.


      Once installed, the Compete tracking component operated in the background,
      automatically collecting information about consumers' online activity. It
      captured information consumers entered into websites, including consumers'
      usernames, passwords, and search terms, and also some sensitive information
      such as credit card and financial account information, security codes and
      expiration dates, and Social Security Numbers, according to the FTC.


      The FTC charged that several of Compete's business practices were unfair or
      deceptive and violated the law. For example, the company failed to disclose
      to consumers that it would collect detailed information such as information
      they provided in making purchases, not just "the web pages you visit."


      In addition, the FTC alleged that Compete made false and deceptive
      assurances to consumers that their personal information would be removed
      from the data it collected. The company made statements such as:


      * "All data is stripped of personally identifiable information before
      it is transmitted to our servers;" and

      * "We take reasonable security measures to protect against
      unauthorized access to or unauthorized alteration, disclosure or destruction
      of personal information."

      Despite these assurances, the FTC charged that Compete failed to remove
      personal data before transmitting it; failed to provide reasonable and
      appropriate data security; transmitted sensitive information from secure
      websites in readable text; failed to design and implement reasonable
      safeguards to protect consumers' data; and failed to use readily available
      measures to mitigate the risk to consumers' data.

      The proposed settlement order requires Compete and its clients to fully
      disclose the information they collect and get consumers' express consent
      before they collect consumers' data in the future. In addition, the
      settlement bars misrepresentations about the company's privacy and data
      security practices and requires that it implement a comprehensive
      information security program with independent third-party audits every two
      years for 20 years.

      NOTE: The Commission issues an administrative complaint when it has "reason
      to believe" that the law has been or is being violated, and it appears to
      the Commission that a proceeding is in the public interest. The complaint
      is not a finding or ruling that the respondent has actually violated the
      law. A consent agreement is for settlement purposes only and does not
      constitute an admission by the respondent that the law has been violated.
      When the Commission issues a consent order on a final basis, it carries the
      force of law with respect to future actions. Each violation of such an
      order may result in a civil penalty of up to $16,000.

      Bruce Hulme
      ISPLA Director of Government Affairs
      www.ISPLA.org

      Your Proactive Voice from State Capitols to the Nation's Capitol


      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.