Email Marketing
On August 30, 2024, the Federal Trade Commission announced that the Department of Justice filed a complaint upon notification and referral from the FTC against a surveillance camera company that allegedly failed to provide reasonable security for the personal information it collected—including 150,000 live camera feeds in sensitive areas like psychiatric hospitals, women’s health clinics, elementary schools and prison cells.
According to the complaint, these alleged failures allowed a threat actor – in March 2021 – to remotely access the company’s customer camera feeds and watch consumers live, without their knowledge or consent. Despite the purported invasive security breach, the company allegedly remained unaware of the threat actor’s exploration until the threat actor self-reported the hack to the media.
According to the FTC, the vast majority of the company’s customers throughout the U.S. and abroad include small businesses spanning multiple industries, including education, government, healthcare, and hospitality. The FTC says that the compromise went beyond the company’s security cameras. According to the complaint, the threat actor also exfiltrated data about the company’s own customers, mostly businesses, including, but not limited to, names, email addresses, physical addresses, usernames and password hashes, and geolocation data for security cameras.
The company’s alleged security failures “are in stark contrast to its many public promises to keep personal and customer information safe,” according to the FTC.
According to the complaint, the company’s own privacy policy claimed that the company “take[s] customer privacy seriously,” and “[w]e will use best-in-class data security tools and best practices to keep your data safe and protect [the company’s] products from unauthorized access.”
The FTC also states that the company’s publicly promised that it was HIPAA certified or compliant and that it followed the EU-U.S.
On August 14, 2023, the Federal Trade Commission announced that it will require Experian Consumer Services, which offers consumers access to their Experian credit information, to pay $650,000 to settle charges it sent consumers unsolicited email without offering them a way to opt out of such messages, as required under the CAN-SPAM Act.
In a complaint filed by the Department of Justice on behalf of the FTC, the agency says that California-based Experian Consumer Services (ECS), also known as ConsumerInfo.com, Inc., spammed consumers with marketing offers after they signed up for an account with the company in order to manage their Experian credit report information.
In the emails, the FTC alleges that the company failed to provide clear and conspicuous notice of consumers’ ability to opt out of receiving additional marketing messages and a mechanism for doing so, in violation of the CAN-SPAM Act, according to the complaint.
“Signing up for a membership doesn’t mean you’re signing up for unwanted email, especially when all you’re trying to do is freeze your credit to protect your identity,” said FTC lawyer Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “You always have the right to unsubscribe from marketing messages, and the FTC takes enforcing that right seriously.”
Consumers who wish to freeze or take other steps to manage their Experian credit information online must create an account with ECS. The complaint charges that consumers who signed up for a free membership account with ECS were then sent emails promoting Experian’s products and services such as one touting Experian Boost,
As previously blogged about here, the FCC recently proposed a rule that would turn the lead generation on its head. The proposed new rule goes quite a bit further than simply requiring wireless carriers to block texts from illegitimate numbers.
In addition to carrier investigation and blocking obligations, as well as an extension of DNC protections to text messages, the FCC proposes:
“…to ban the practice of obtaining a single consumer consent as grounds for delivering calls and text messages from multiple marketers on subjects beyond the scope of the original consent.”
In an illustration of the issue, Company A describes a website that purports to enable consumers to comparison shop for insurance. The website sought consumer consent for calls and texts from insurance companies and other various entities, including Company A’s ‘partner companies.’ The ‘partner companies’ were listed in a hyperlink on the web page (i.e., they were not displayed on the website without clicking on the link) and the list of ‘partner companies’ included both insurance companies and other entities that did not appear to be related to insurance.”
Public Knowledge, an influential non-profit Washington, D.C.-based public interest group argues that lead generators and data brokers use hyperlinked lists to harvest consumer telephone numbers and consent agreements on a website and pass that information to telemarketers and scam callers. Commentors have argued that the telemarketer that obtains the consumer’s contact information from the lead generator may believe that it has the consumer’s prior express consent,
Topics
Archives
About This Blog and Hinch Newman’s Advertising + Marketing Practice
Hinch Newman LLP’s advertising and marketing practice includes successfully resolving some of the highest-profile Federal Trade Commission (FTC) and state attorneys general digital advertising and telemarketing investigations and enforcement actions. The firm possesses superior knowledge and deep legal experience in the areas of advertising, marketing, lead generation, promotions, e-commerce, privacy and intellectual property law. Through these advertising and marketing law updates, Hinch Newman provides commentary, news and analysis on issues and trends concerning developments of interest to digital marketers, including FTC and state attorneys general advertising compliance, civil investigative demands (CIDs), and administrative/judicial process. This blog is sponsored by Hinch Newman LLP.