The Federal Trade Commission ("FTC") recently settled a false advertising case for $12 million with LifeLock, Inc. which advertised, promoted, offered for sale, sold, or otherwise made available to consumers a service purportedly designed to prevent identity theft through placing fraud alerts on consumers' credit reports on their behalf. The FTC alleged that the ID theft prevention service did not protect against all types of identity theft, including misuse of existing personal accounts or employment-related identity theft, did not prevent unauthorized changes to customers' address information, and did not ensure that a consumer would receive a telephone call from a potential creditor before a new account was opened in the consumer's name. Additionally, the FTC stated that LifeLock failed to properly secure customers' personal information that was obtained pursuant to subscribing to the ID theft prevention service by failing to employ sufficient safety measures on its network that stores personal information and by failing to require employees, vendors, and others with access to the personal information to use hard-to-guess passwords or security measures. LifeLock will pay $11 million to the FTC and $1 million to a group of 35 state attorneys general to settle the case.
TIP: Companies should properly qualify their advertising claims. Companies should employ proper security measures when collecting and storing a consumer's personal information on its servers.