In another action by the FTC to ensure that companies are providing adequate data security, the agency recently settled with Nevada entrepreneur, Gregory Navone, based on his alleged improper disposal of about 40 boxes of sensitive consumer records collected by those companies. As part of the settlement, Navone agreed to pay a civil penalty of $35,000. The FTC complaint alleged that the documents, which included tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, and credit reports, were thrown away in a publicly accessible dumpster, which violated the privacy and security promises that Navone made to customers, and thus constituted a deceptive practice under the FTC Act. In addition to the monetary penalty, the consent judgment prohibits Navone from misrepresenting measures he takes to protect personal information, requires him to implement a comprehensive information security program for sensitive consumer information, and requires him to hire an independent third-party security professional to review the program every year for 10 years.

TIP: This FTC settlement is the first one brought over improper disposal of customer information, joining state actions for similar activities. When disposing of sensitive data, companies should remember to do so in a secure manner.